What's  next  for  Sun? 

Sun  made  a  big  mistake  in  turning  down  IBM's  $7  billion 
acquisition  offer,  say  analysts  who  question  the  vendor’s 
ability  to  execute  a  turnaround  on  its  own.  Page  12. 


Free  reign  to  shut  down  Internet 

BackSpin  columnist  Mark  Gibbs  questions  what 
politicians  were  thinking  when  they  proposed  giving 
President  Obama  an  Internet  Kill  Switch  to  counter 
a  cyber  attack.  Page  34. 
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Feds  join  Twitter 
revolution 
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Microblogging  is  tak¬ 
ing  flight  in  unlikely 
skies:  the  U.S. 
federal  government. 

Page  12. 


Microsoft  eating  up 
U.S.  and  global 
netbook  markets 

Microsoft  owned 
three-quarters  of 
worldwide  market 
last  year,  and  indus¬ 
try  watchers  see  that 
share  on  the  rise. 
Page  15. 


Are  you  doing 
your  part? 

Columnist  Paul 
McNamara  cites 
research  that  sug¬ 
gests  “leisure  surf¬ 
ing"  at  work  increases 
productivity.  Page  34. 

f  ITRoadmap 
Upcoming  ITR 

One-day  Network 
World  IT  event  is 
coming  to  a  city  near 
youlThe  event  fea¬ 
tures  10  IT  tracks; 
vendor  expo;  peer 
case  studies. 

Register  at: 
www.n  wd  ocf  i  n  d  e  r. 
com/8728 


Economy 
changing 
work  game 
for  ‘Gen  Y 

BY  CARA  GARRETSON 

Two  years  ago,  employment  ex¬ 
perts  advised  enterprises  to  exploit 
new  technologies  and  relax  corpo¬ 
rate  rules  to  attract  sought-after 
young  workers.Today  those  same  ex¬ 
perts  are  coaching  young  job-seek¬ 
ers  to  compete  with  more  experi¬ 
enced  applicants  by  becoming 
more,  well,  corporate. 

The  age  group  known  as  Gener¬ 
ation  Y  or  Millennials,  defined 
roughly  as  the  70  million  Americans 
who  were  born  between  1977  and 
2002,  has  been  considered  desirable 
because  of  their  comfort  level  with 
all  things  new,  particularly  technol¬ 
ogy  However,  because  of  the  reces¬ 
sion,  Millennials  are  now  competing 
for  positions  with  older,  more  experi¬ 
enced  applicants  who  have  demon¬ 
strable  skills.  Job-seeking  Millennials 
today  must  be  less  concerned  with 
the  perks  and  privileges  a  potential 
employer  offers  and  focus  instead 
on  demonstrating  their  value  to 
interviewers. 

“Right  now  employers  are  accom¬ 
modating  within  reason,”  says  Dave 

See  Youth,  page  16 


Netbooks  knocking 
on  the  door  of  IT 


BY  JOHN  COX 

One  possible  future  of 
mobile  computing  is  on  dis¬ 
play  in  classrooms  in  Fresno, 

Calif.,  where  the  public 
school  district  has  deployed 
10,000  HP  netbooks  with  an 
upgraded  Cisco  wireless 
LAN. 

While  the  term  “net- 
book”  has  no  formal  defin¬ 
ition,  it  typically  applies  to 
a  class  of  mobile  comput¬ 
ers  —  from  vendors  such 
as  Asus,  HRAcer  and  Dell 
—  that  are  smaller  than  conventional 
laptops.  They  have  lower  resolution  dis¬ 
plays  of  7  to  11  inches,  can  be  much 
lighter  overall  and  rely  on  less  powerful 
CPUs.  To  some  critics,  that  adds  up  to  a 
crippled  laptop. 

But  the  best  ones  are  extremely 


portable,  and  can  slip  into  a 
large  coat  pocket,  have  an 
almost  full  QWERTY  key¬ 
board,  offer  a  screen  that  is 
vastly  bigger  than  a  smart¬ 
phone,  and  are  inexpen¬ 
sive:  less  than  $500  and 
sometimes  well  under. 
Sales  exploded  last 
December  and  are  ex¬ 
pected  to  continue  strong. 

A  few  days  ago,  Kurt 
Madden,  CTO  for  Fresno 
Unified  School  District, 
watched  a  classroom  of 
fifth  graders  working  with  HP  Mini-Note 
2133s,  netbook-class  machines  with  8.9- 
inch  screens,  a  nearly  full-sized  QWERTY 
keyboard,  several  of  the  Microsoft  Office 
applications,  Internet  Explorer  and  pre¬ 
cious  little  else. 

See  Netbook,  page  14 


The  Asus  Eee  PC 
1000HE  netbook  is  a 
top-rated  example  of 
that  genre. 


Si  VIRTUALIZATION 

MANAGEMENT 

Gross-platform 
tools  fall  short 

■  CA  comes  out  on  top  in  a  four-prod 
uct  test,  but  there’s  room  for  improy 
ment  when  it  comes  to  products 
can  manage  mixed  VMware,  H; 

Xen  environments.  Page  21 
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Flash 
storage 
start-up  lands 
$47  million 

Flash  storage  start-up  Fusion-io  has 
had  a  big  start  to  2009,  remaking  its 
management  team  with  former  Apple 
guru  Steve  Wozniak  and  just  last  week 
landing  a  $47.5  million  funding  round. 
Fusion-io  makes  PCIe  cards  loaded 
with  flash  memory  that  are  inserted 
into  servers,  dramatically  speeding  up 
l/O-intensive  applications.The  company 
launched  in  late  2007,  and  has  since 
caught  the  attention  of  recent  "Dancing 
With  the  Stars”  showoffWozniak,  who 
joined  the  Fusion-io  advisory  board  in 
October  2008  and  in  February  became 
the  company’s  chief  scientist. 

Microsoft  warns  about  phony 
security  software 

Microsoft  detected  two  Trojan  horse 
programs,  Win32/FakeXPA  and 
Win32/FakeSecSen,  masquerading  as 
security  software  on  more  than  3  mil¬ 
lion  computers  in  the  last  six  months  of 
2008,  according  to  the  company's  most 
recent  Security  Intelligence  Report. 
With  the  Washington  state  attorney 
general,  Microsoft  launched  eight  law¬ 
suits  in  September  2008  aimed  at  track¬ 
ing  down  those  responsible  for  perpe¬ 
trating  the  scams. 

Vandals  strike  AT&T  net 
AT&T  says  the  service  outages  that  hit 
California  last  week  resulted  from  an 
apparent  act  of  vandalism  and  it  was 
working  with  law  enforcement  to  nail 
the  culprits.  At  first  the  company  said 
the  outage  was  affecting  both  wireless 
and  wireline  services  in  some  areas  of 
California  and  it  was  caused  by  an 
unspecified  number  of  fiber-optic  cable 
cuts  in  the  San  Jose  area.The  outage  in 
California  marks  the  first  major  outage 
for  AT&T  since  last  December,  when  a 
snowstorm  knocked  services  offline 
through  the  Midwestern  United  States. 
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Does  Cisco  need  Sun  to  shine 
in  the  data  center? 

Re:  Should  Cisco  move  on  Sun?  (www.nw 
docfinder.com/9534): 

In  search  of  new  revenue  stream,  Cisco  has 
placed  a  significant  emphasis  on  its  data  cen¬ 
ter  strategy  The  question  for  Cisco  is  really  if 
the  acquisition  will  take  them  beyond  current 
partnership  they  have  with  IBM,  HR  Dell  and 
others.  Acquiring  Sun 
will  make  Cisco  a  big 
player  on  the  high-end 
server  market  over¬ 
night.  On  the  Intel 
side,  Cisco  is  already 
making  good  progress 
with  VMware/virtual- 
ization. 

My  initial  thought 
was  that  the  IBM  bid 
on  Sun  was  originally 
planned  to  preempt 
and  snatch  away  from 
Cisco  considering 
what  happened  in  1996  when  IBM  tried  to 
acquire  Kalpana  when  Cisco  snatched  it  from 
IBM.  In  any  event,  there  is  a  big  risk/reward  for 
Cisco  on  Sun  acquisition. 


Train  younger  workers  at  your 
own  risk 

Re:  Afraid  of  losing  your  job  to  a  younger, 
cheaper  IT  worker?  (www.nwdocfinder. 
com/9536): 

The  person  over  45  or  50  that  gives  Lp  all  their 
accumulated  knowledge  to  an  entry-level  per¬ 
son  coming  into  modern  companies  is  doing 
nothing  but  signing  their  own  pink  slip. 

I  will  train  a  newbie 
enough  for  them  to 
be  functional  but 
never  willingly  give 
up  hard-learned 
knowledge  for  free 
any  more.  There  is  no 
loyalty  from  the  mod¬ 
ern  companies  to  the 
employees  —  why 
should  I  show  any  in 
return?  Pay  me  for  the 
knowledge  I  have 
gleaned  over  the  last 
30  years.  It  is  mine,  it  is 
valuable, and  does  not  belong  to  the  company 
that  is  currently  employing  me. 

Anon 


**The  person  over  45  or  50 
that  gives  up  all  their  accu¬ 
mulated  knowledge  to  an 
entry-level  person  coming 
into  modern  companies  is 
doing  nothing  but  signing 
their  own  pink  slip.315 


Anon 

Is  gov’t  bill  about  attack  on 
Internet  or  attack  on  freedom? 

Re:  Bill  would  give  Obama  power  to  shut 
down  Internet,  networks  during  cyber  attacks 
(www.nwdocfinder.com/9535): 

By  and  large  all  government  networks  run 
over  private  carrier  networks.  The  govern¬ 
ment  has  no  control  over  any  circuits 
except  where  they  have  an  entry  point  into 
a  carrier  POP 

This  is  as  it  should  be.  Our  country  was  built 
upon  the  concept  of  personal  economic  free¬ 
dom,  which  in  turn  leads  to  free  market  eco¬ 
nomics.  This  basic  tenet  of  the  American  suc¬ 
cess  story  is  already  under  threat. 

What’s  next?  Government  approval  of  Inter¬ 
net  services?  Yeah,  great,  let’s  imitate  coun¬ 
tries  like  North  Korea,  China  and  Saudi 
Arabia. 

Spee 


Report  of  compromised  power 
grid  sparks  FUD 

Re:  Cyberspies  have  compromised  U.S. 
power  grid,  newspaper  reports  (www. 
nwdocfinder.com/9537): 

This  seems  to  be  a  scare  tactic  to  in¬ 
crease/force  more  network  security  protocols 
onto  power  generators  and  transmission  enti- 
ties.There  is  already  enormous  efforts  by  asset 
owners  to  put  in  place  electronic  and  physical 
security  controls  by  June  30.  All  this  work  is 
mute  as  the  easiest  way  to  take  down  an  entire 
generation/transmission  system  is  to  target  the 
main  system  transmission  lines.  I  wonder  if 
DHS  =  FUD. 

Anon 

E-mail  letters  to  jdix@nww.com  or  send  them 
to  John  Dix,  editor  in  chief,  Network  World,  492 
Old  Connecticut  Path,  Framingham,  MA  01 701- 
9002.  Please  include  phone  number  and  address 
for  verification 
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Keyboard  design 
prevents  typosP 

A  keyboard  with  tactile 
error  prevention  stops 
users  from  making  typ¬ 
ing  errors. 

www.nwdocfinder.com/9543 
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GM,  Segway  show  off 
urban  vehicle 

General  Motors  has 
unveiled  a  two-wheel, 
two-seat  electric  vehi¬ 
cle  jointly  developed 
with  Segway. 

www.nwdocfinder.com/9544 


Handgrip  exerciser 
doubles  as  mouse 

A  handgrip  exerciser  is 
hacked  to  function  as  a 
mouse.  Get  a  workout 
while  you  check  your  e- 
mail. 

www.nwdocfinder.com/9545 
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BLOGOSPHERE 


■  Should  Cisco  move  on  Sun?  Cisco 
Subnet  blogger  Jim  Duffy  wonders  after 
IBM  has  apparently  lost  its  lust  for  Sun, 
should  Cisco  make  a  play  for  the  belea¬ 
guered  company?  What's  to  lose?  Cisco 
wants  to  get  into  data  center  servers  in  a  big 
way,  as  indicated  by  its  recent  Unified 
Computing  System  announcement.  All  the 
industry  scuttlebutt  has  been  about  Cisco 
competing  with  HP  and  IBM  in  data  center 
blade  servers  with  UCS,  but  Cisco  is  starting 
from  ground  zero.  It  has  no  base.  In  order  to 
compete  with  IBM  and  HP,  it  first  has  to 
leapfrog  Dell  and  Sun.  Sun’s  looking  for  a 
buyer;  it  can  be  had  for  $6  million  to  $7  billion; 
Cisco  has  $30  billion  in  cash;  Dell  and  Sun 
are  the  low  hanging  fruit  in  Cisco's  ambitions 
to  pick  the  blade  server  tree.  Sun  also  has 
some  nifty  software,  such  as  Java  and 
OpenSolaris,  that  Cisco  could  benefit  from 
as  it  looks  to  move  up  the  stack. 
www.nwdocfinder.com/9538 

■  BlackBerry  Storm  needs  bailout  and 
stimulus  package.  Cisco  Subnet  blogger 
Mitchell  Ashley  says  despite  RIM's  impres¬ 
sive  $518.3  million  fourth  quarter,  a  25.6% 
year- over-year  increase,  and  the  reasonable 
numbers  of  Storms  sold,  it’s  really  a  device 
that's  not  ready  for  prime  time.  My  verdict  on 
the  Storm?  Plain  and  simple  —  I  hate  it.This 
is  one  of  the  worst  devices  I’ve  used.  Based 
on  my  experience  I'd  say  run,  don't  walk,  as 
far  away  from  the  BlackBerry  Storm  as  pos¬ 
sible.  I'm  on  my  second  Storm  and  it’s  getting 
sent  back  just  like  the  first  one.  The  Storm 
does  not  do  what  it  says  it  will  do,  at  least  not 
on  a  reliable  basis,  and  sometimes  not  at  all. 
The  list  of  issues  I’ve  had  with  my  Storm  are 
long  and  frustrating. 
www.nwdocfinder.com/9539 

■  Need  a  bigger  security  budget?  Star 
in  your  own  hacking  video!  Blogger  Jamey 
Heary  has  assisted  many  security  directors 
in  their  process  of  justifying  new  security 
projects  and  budgets.  There  are  two  tech¬ 
niques  he's  seen  work.  Budget  approval  tech¬ 
nique  No.  1  is  whitehat  hacking  your  environ¬ 
ment.  Said  another  way,  this  is  a  technique 
that  makes  your  nebulous,  sky  is  falling  secu¬ 
rity  vulnerabilities  very  personal  and  verifi¬ 
able  to  your  executives  and  board  of  direc¬ 
tors.  Now,  you  are  ready  to  start  your  sanc¬ 
tioned  penetration  testing.  Make  sure  that 
you  have  any  administrator  or  equivalent 
account  privileges  removed  from  your  user 
accounts.  This  is  so  that  you  don’t  have  any 
unfair  advantages  above  and  beyond  the  nor¬ 
mal  jdoe  user.  Next,  come  up  with  an 
attack/hack  plan. 
www.nwdocfinder.com/9540 


Network  management:  Buying  new  soft¬ 
ware  might  not  be  a  top  priority  for  many  IT 
managers  working  to  get  more  from  their  cur¬ 
rent  infrastructure.  But  management  software 
makers  argue  that  their  business  service  man¬ 
agement  (BSM)  products  designed  to  moni¬ 
tor  IT  components  and  automate  actions  so 
as  to  optimize  business  services  become  even 
more  relevant  in  tough  economic  times. 
According  to  Gartner,  the  worldwide  enter¬ 
prise  software  market  will  experience  flat 
growth  in  2009,  seeing  just  a  .3%  uptick  over 
2008.  With  nearly  $222.6  billion  expected  in 
software  revenues  in  the  coming  year,  IT  buy¬ 
ers  are  looking  at  software-as-a-service,  cloud 
and  other  alternatives  to  purchasing  annual 
software  licenses,  Gartner  says. Yet  such  fore¬ 
casts  aren’t  stopping  vendors  such  as  BMC, 
ManageEngine  and  Zyrion  from  separately 
updating  their  software  products  designed  to 
reduce  manual  labor,  speed  problem  resolu¬ 
tion  and  improve  IT  service  delivery  across 
enterprise  and  other  companies.“BMC  is  help¬ 
ing  IT  staff  do  more  with  less  by  reducing 
manual  work,  automating  tasks  and  introduc¬ 
ing  efficiencies  in  IT  operations,”  says  Gerry 
Roy  director  of  solutions  management  for  ser¬ 
vice  support  at  BMC.“Customers  have  to 
reduce  costs  not  just  in  the  tools  they  do 
decide  to  buy  but  also  in  how  they  work.  By 
reducing  the  costs  associated  with  IT  opera¬ 
tions  with  automation  and  service  manage 
ment,  they  can  cut  costs  for  their  companies 


and  potential  invest  savings  in  growth  areas.” 

www.nwdocfinder.com/9527 

SMB:  The  early  adopter  “cloud  crowd”  makes 
the  most  headlines,  but  they’re  only  the  tip  of 
the  small  business  iceberg.  Looking  at  various 
data  storage  vendor  customer  numbers  has 
convinced  me  90%  of  small  businesses  are 
still  mostly  land  (or  LAN)  based.  Some  people 
don’t  yet  trust  Internet  data  storage,  and  some 
like  to  wear  data  storage  suspenders  with 
their  data  storage  belts.The  good  news  for 
both?  Options  for  combo  cloud  and  local 
storage  hybrids  continue  to  grow.  What  do  you 
need  to  do  with  your  files?  Create  them, share 
them,  change  them,  back  them  up,  and 
archive  them  in  regulated  industries. You  can 
do  all  these  things  locally  or  online.  Some 
early  adopter  small  companies  do  everything 
online,  but  most  small  businesses  still  do 
everything  locally  Smart  business  now 
requires  a  mixture  of  local  and  online  data 
storage  to  add  offsite  backup  in  case  of  a  dis¬ 
aster,  and  easy  data  sharing  with  remote 
coworkers  and  business  partners.The  best 
local  and  online  combination  I’ve  seen,  for 
the  last  three  years,  is  FileEngine,  a  small  com¬ 
pany  in  Indianapolis.  Custom  hardware,  in  fire 
engine  red  (the  owner  jokes  it’s  “file  engine” 
red)  provides  local  user  file  storage  much  like 
a  Windows  Server  without  the  Web  and  e-mail 
server  cost  and  complexity. 
www.nwdocfinder.com/9528 
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After  attacks,  Excel  update 
due  from  Microsoft 

Corporate  IT  staffers  will  get  a  double  whammy  this  week, as  both  Microsoft 
and  Oracle  are  set  to  release  critical  security  updates  on  the  same  day 
including  a  likely  fix  for  an  Excel  bug  that  has  been  used  by  cybercriminals. 
As  part  of  its  monthly  Patch  Tuesday  program,  Microsoft  plans  to  release  eight 
updates:  Five  of  them  are  for  Windows,  with  a  single  update  each  for  Internet 
Explorer,  Excel  and  Microsoft’s  Internet  Security  and  Acceleration  server.  Oracle’s 
patches  will  contain  43  security  fixes,  including  16  patches  for  the  company’s  flag¬ 
ship  database  software.There  will  also  be  12  vulnerabilities  patched  in  the  Oracle 
Application  Server,  as  well  as  a  handful  of  fixes  for  the  company’s  E-Business  Suite, 
PeopleSoft  and  JD  Edwards  Suite,  and  for  the  BEA  application  server  suite. 


www.nwdocfinder.com/9548 

Cisco  to  buy  Tidal  Software.  Cisco  will 
pay  approximately  $105  million  in  cash  and 
retention-based  incentives  to  acquire  Tidal 
Software,  a  privately  held  maker  of  application 
management  and  automation  software  for  ser¬ 
vice-oriented  architectures  and  data  centers. 
The  company’s  Intersperse  software  combines 
application  management,  business  process 
tracing  and  run-time  monitoring  across  multi¬ 
ple  application  servers  to  build  a  detailed 
view  of  SOA  applications  and  environments. 
The  software  enables  the  proactive  detection 
of  problems  and  root-cause  analysis, Tidal 
says.  In  some  cases  it  can  help  IT  managers 
create  self-healing  capabilities  in  their  SOA 
deployments.  Cisco  says  Tidal’s  software  will 
help  customers  to  optimize  the  performance 
of  their  business  applications  and  automate 
operations  in  real  time,  which  will  reduce 
operational  costs. 
www.nwdocfinder.com/9549 

Engineer  unemployment  rate  spikes. 

The  unemployment  rate  for  engineering  and 
computer  occupations  is  rising  faster  than  for 
other  professionals,  according  to  the  IEEE, 
which  reports  the  unemployment  rate  for  all 
engineers  jumped  from  2.9%  to  3.9%  from  the 
last  quarter  of  2008  to  the  first  quarter  this 
year. The  IEEE  says  the  numbers  grew  faster 
when  compared  with  the  increase  in  unem¬ 
ployment  for  all  professional  workers  —  from 
3%  to  3.7%  —  over  the  same  timeframe.  And 
perhaps  even  more  worrisome,  the  IEEE  says, 
is  the  increase  of  the  unemployment  rate 
from  1.2%  overall  in  2007  to  nearly  4%  now. 
www.nwdocfinder.com/9550 

Netscape  alums  tackle  cloud  storage. 

A  cloud  storage  start-up  is  entering  the  mar¬ 
ket,  promising  an  enterprise-class  file  system 
with  snapshots,  replication  and  other  fea¬ 
tures  designed  to  simplify  adoption  for  exist¬ 
ing  users  and  applications.  Zetta,  founded  in 
2007  by  veterans  of  Netscape,  emerged  from 
stealth  mode  last  week  with  $11  million  in 


funding  and  Enterprise  Cloud  Storage,  a 
Web-based  storage  platform  that  will  com¬ 
pete  against  Amazon’s  Simple  Storage 
Service  and  a  growing  number  of  cloud  ven¬ 
dors.  Zetta ’s  goal  was  to  build  a  Web-based 
storage  system  that  would  be  accepted  by 
enterprise  IT  professionals  for  storing  prima¬ 
ry  data,  according  to  its  founders  —  who 
include  CEO  Jeff  Treuhaft,  formerly  one  of 
Netscape’s  first  employees,  and  Lou 
Montulli,an  early  Netscape  employee  who 
invented  Web  cookies. 
www.nwdocfinder.com/9551 


ly  unveiled  beta  code  of  the  iPhone  3.0 
operating  system  uncovered  radio  compo¬ 
nent  specifications  that  show  a  shift  to  a  dif¬ 
ferent  Broadcom  Wi-Fi  chip,  the  BCM4329, 
for  a  future  iPod  Touch  model. The  change 
would  be  a  huge  jump  in  performance  for 
users  of  both  devices,  which  now  use  a  Wi-Fi 
chip  that  supports  802.1  lb/g,  with  a  through¬ 
put  of  less  than  25Mbps  on  the  2.4GHz 
band.  But  the  change  would  almost  mean 
having  to  buy  a  new  Touch  or  iPhone  with 
the  802. 1  In  chip,  and  some  observers  say 


Apple  also  needs  to  upgrade  the  CPU  to 
enable  both  handhelds  to  fully  exploit 
802.1  In  performance. 

www.nwdocfinder.com/9552 

HP  automates  management  of 
VMware,  virtualization  systems. 

Updates  to  HP’s  business  service  automation 
suite  are  designed  to  help  customers  cut  the 
cost  of  managing  virtualization  and  improve 
service  quality.  HP  added  new  capabilities  to 
its  Storage  Essentials  and  Operations 
Orchestration  products  and  launched  BSA 
Essentials,  a  set  of  subscription  services  that 
will  provide  access  to  security  alerts  and 
updates  on  regulatory  policies  and  compli¬ 
ance  auditing,  the  company  says.“It  is  diffi¬ 
cult  for  many  enterprises  to  shift  mission- 
critical  virtual  machines  from  one  physical 
system  to  another  during  a  hardware  failure 
or  upgrade  because  while  their  server  stacks 
may  be  mobile,  the  network  connections  to 
[storage-area  networks]  .databases  and  other 
legacy  systems  may  not  be  mobile. That’s 
why  HP  is  trying  to  make  their  other  man¬ 
agement  products  more  virtual  machine- 
aware,”  says  Jasmine  Noel,  principal  analyst 
and  co-founder  at  Ptak,  Noel  &  Associates. 
www.nwdocfinder.com/9553 

IBM  lights  online  collaboration  ser¬ 
vices.  IBM/Lotus  has  launched  the  first 
major  piece  of  its  LotusLive  online  strategy 
its  biggest  move  yet  to  deliver  collaboration 
services  online  to  corporate  users.The  com¬ 
pany  went  live  last  week  with  LotusLive 
Engage,  a  bundle  of  services  that  includes 
instant  messaging,  Web  conferencing,  file 
sharing  and  lightweight  project  manage¬ 
ment.  Engage  is  priced  between  $15  and  $55 
per  month  per  user  depending  on  which  ser¬ 
vices  are  used.  It  will  be  followed  with  an 
online  e-mail  service  based  on  technology 
IBM  acquired  when  it  bought  Outblaze  ear¬ 
lier  this  year.  Other  services  also  are  slated 
for  release  this  year,  but  IBM/Lotus  officials 
would  not  detail  what  functionality  they 
will  provide. 

www.nwdocfinder.com/9554 

Salesforce.com  releases  no-cost 
‘lite’  mobile  application. 

Salesforce.com  unveiled  a  mobile 
application  that  is  available  to  all  users 
at  no  charge.  Salesforce.com  Mobile  Lite  is 
not  as  full-featured  as  the  on-demand  CRM 
vendor’s  full-fledged  mobile  application 
(which  is  included  with  an  unlimited  sub¬ 
scription  but  costs  an  extra  $50  per  user  per 
month  for  professional  and  enterprise  edi¬ 
tion  subscribers).  For  example,  while  Mobile 
Lite  users  can  look  at  accounts  and  respond 
to  leads,  the  application  doesn’t  support  cus¬ 
tom  objects.  Mobile  Lite  will  initially  support 
iPhone,  BlackBerry  and  Windows  Mobile. 
www.nwdocfinder.com/9555 


Apple  seen  readying  huge  Wi-Fi  boost 
for  iPod  Touch,  iPhone.  Apple 
seems  to  be  laying  the  ground¬ 
work  to  introduce  high-capacity 
low-power  802. 1  In  Wi-Fi  to  the 
iPod  Touch,  and  presumably  to  its 
3G-enabled  companion, the 
iPhone.  Programmers  sifting 
through  the  recent- 
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NEWS  ANALYSIS 


Sun  messed  up  IBM  deal 


BY  JON  BRODKIN 

With  IBM/Sun  negotiations  reportedly  at  a 
standstill,  a  consensus  seems  to  be  emerging 
among  industry  analysts:  Sun  has  made  a 
colossal  mistake  in  turning  down  IBM’s  $7  bil¬ 
lion  acquisition  offer. 

“My  first  thought  was,  IBM  threw  Sun  a  rope. 
They  used  it  to  make  a  noose, ’’Annex  Research 
analyst  Bob  Djurdjevic  writes  in  an  e-mail. 

IBM/Sun  merger  talks  collapsed  after  “dis¬ 
putes  over  millions  of  dollars  of  payout  to  Sun 
executives,  in  addition  to  the  takeover  price 
and  conditions  attached  to  the  deal,”  the 
Bloomberg  news  service  reported  last  week. 
Sun’s  board  is  expected  to  meet  on  Wednesday 
to  discuss  the  unraveling  of  the  deal  and  what 
comes  next,  Bloomberg  also  reported. 

“If  it  is  indeed  true  that  the  Sun  Board  turned 
down  the  IBM  offer  because  they  thought  a 
100%  premium  on  the  value  of  their  listing 
ship  was  too  low  a  price  in  the  midst  of  an 
economic  storm,  then  Sun  deserves  to  go 
down,”  Djurdjevic  says.“And  to  go  down  in  the 
history  of  IT  as  yet  another  company  that  let 
pride  get  in  the  way  of  good  judgment.” 

“Pure  insanity”  is  the  phrase  used  by  Enter¬ 
prise  Strategy  Group  analyst  Brian  Babineau 
to  describe  Sun  turning  down  the  premium 
offered  by  IBM. 

While  Sun  has  many  interesting  technology 
divisions,  including  servers,  storage,  Java  and 
other  software,  the  company  has  consistently 
failed  to  turn  a  profit  and  analysts  are  largely 
pessimistic  that  it  can  execute  a  successful 
turnaround  on  its  own. 

Analyst  Judith  Hurwitz  notes  in  her  blog  that 
rumors  have  Sun  Chairman  and  co-founder 
Scott  McNealy  taking  the  company  over  from 
current  CEO  Jonathan  Schwartz.  It  worked  for 
Steve  Jobs  and  Apple,  but  Sun  has  failed  to 
gain  leadership  roles  in  both  the  hardware 
and  software  markets  and  probably  will  not 
have  a  good  future  as  an  independent  com¬ 
pany  she  writes. 

According  to  Bloomberg,  Schwartz  and  Mc¬ 
Nealy  both  have  contracts  guaranteeing  them 
three  times  their  annual  pay  in  salaries  and 
bonuses  if  Sun  is  acquired.  IBM  did  not  want 
to  make  such  payments  to  the  executives, 
Bloomberg  reported,  citing  anonymous 
sources.  Sun  objected  to  IBM  wanting  too 
much  control  over  Sun’s  projects  and  employ¬ 
ees  before  the  closing  of  a  deal,  and  wanted 
greater  assurance  from  IBM  that  it  would  com¬ 
plete  the  transaction  even  if  it  faced  antitrust 
review,  Bloomberg  reported. 

Sun  has  not  commented  about  the  rumored 
acquisition  but  issued  a  statement  to  Reuters 
saying  the  company  “is  committed  to  its  lead¬ 
ership  team,  growth  strategy  and  building 
value  for  its  shareholders.” 

Despite  Sun’s  reassurances,  Babineau  specu¬ 
lated  that  the  failed  talks  could  lead  to  a 


Yahoo-esque  “shareholder  revolt”  in  which 
investors  force  Sun  to  make  leadership 
changes. 

Shareholder-filed  lawsuits  are  a  possibility  if 
Sun  can’t  turn  itself  around,  other  analysts 
were  quoted  as  saying  in  a  San  Francisco 
Chronicle  story 

“We  question  management’s  ability  to  do  a 
successful  turnaround  on  their  own,”  Bill 
Kreher,  a  technology  analyst  with  Edward 
Jones,  told  the  Chronicle. “The  transition  is  chal¬ 
lenging  and  is  taking  longer  than  expected.” 

Network  World  readers  weighed  in  on  the 
failed  IBM/Sun  talks  as  well,  speculating  that 
companies  such  as  Cisco,  Oracle  or  Apple 
might  be  interested  in  purchasing  Sun. 

“With  the  amount  of  flirting  Cisco  has  been 
doing  beyond  their  core  traditional  network¬ 
ing  technologies  of  late,  it  would  seem  in  my 
eyes  that  the  acquisition  of  Sun  by  Cisco  would 
be  a  logical  one  and  would  bring  Cisco  on  a 
par  with  HP  IBM  and  Dell  in  one  fell  swoop,” 
one  reader  said  in  response  to  the  Network 
World  story  “Collapse  of  IBM/Sun  deal  could 
leave  Sun  without  a  suitor,  analysts  sa/ 

One  reader  called  Sun  a  “great  company 
with  bad  marketing.”  Another  reader  said  it’s 
too  easy  to  blame  marketing  and  sales  for  the 
failures  of  a  technology  company 

“‘Great  products  is  the  engineering  way  of 
thinking  ‘If  we  build  it,  they  will  come,’”  the 
reader  commented. “Doesn’t  work  in  baseball 
either.  Silicon  Valley  is  littered  with  the  car¬ 
casses  of  ‘great  product’  companies  that  didn’t 
offer  real  value  to  customers.”  ■ 


Sun’s  numbers 

Sun  reportedly  rebuffed  IBM’s  offer 
of  $9.10  to  $9.40  per  share — though 
Sun’s  stock  was  trading  in  the  $4  to  $5 
range  in  March,  before  news  of  IBM's 
offer  surfaced.  Revenue  and  profit 
numbers  for  the  last  four  quarters 
(ending  with  Sun's  fiscal  2009  second 
quarter,  which  closed  Dec.  28) 
illustrate  Sun’s  ongoing  struggles. 


Revenue  in  billions 


Q308  Q4  08  Q1 09  Q209 


Net  income  in  millions  and  billions 


$88  M 


Q3  08  Q408  Q109  Q2  09 


10  Twitter  tips  from 
early  federal  adopters 


BY  CAROLYN  DUFFY  MARSAN 

Having  trouble  convincing  your  boss  that 
Twitter  isn’t  a  waste  of  time?  TTien  you  might 
find  it  interesting  to  learn  that  social  media 
evangelists  across  the  U.S.  federal  government 
are  blasting  out  Tweets  several  times  a  day  to 
their  constituents.  Here  are  their  suggestions 
for  how  to  integrate  new  media  tools  into  a 
large,  old-fashioned  bureaucracy: 

Identify  a  business  problem  you  are 
trying  to  solve. 

I  “You  really  want  to  focus  on  the  busi¬ 
ness  problem  you  are  trying  to  solve  and  the 
communities  you  need  to  engage  to  help  you 
solve  that  problem,”  advises  Lena  Trudeau,  pro¬ 
gram  area  director  for  the  National  Academy 
of  Public  Administration.  “You  need  to  make 


the  value  proposition  clear,  so  the  people  who 
engage  get  something  out  of  the  process.” 

The  Defense  Information  Systems  Agency  for 
example,  uses  a  commercial  mash-up  tool 
from  JackBe  to  allow  military  commanders  to 
create  real-time  feeds  using  information  from 
many  disparate  sources,  says  DISA  CTO  Dave 
Mihelcic.  The  Web  2.0  software  solves  a  real- 
world  problem  for  military  commanders.  “If 
senior  leaders  and  decision-makers  can  get  a 
common  visual  depiction  of  a  situation,  it  will 
be  easier  for  them  to  synchronize  their  deci¬ 
sions,”  Mihelcic  explains. 

2  Get  buy-in  from  management. 
Involve  all  of  the  key  stakeholders: 
|  the  people  who  have  the  informa- 

See  Twitter,  page  32 
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Netbook 

continued  from  page  1 

Each  student  was  creating  a  report  on  one  of 
the  U.S.  states.  Via  the  netbooks’  integrated 
802.1  lg  Wi-Fi  radio,  they  linked  to  the  WLAN  to 
access  the  Internet,  surfing  for  statistics  and 
other  data, photographs  and  even  audio  files  of 
the  state  bird  chirping. They  pulled  all  this  into 
Microsoft  Publish,  creating  their  multimedia 
reports  that  were  posted  to  their  personal  sites 
on  the  school’s  SharePoint  server,  where  each 
report  could  be  viewed  by  teachers. 

“I  would  guess  that  50%  or  more  of  the  time 
they’re  on  the  netbook,  they’re  accessing  the 
Internet,”  Madden  says. 

Although  the  Fresno  students  aren’t  yet 
carrying  the  netbooks  around  (generally, 
the  devices  are  assigned  to  classrooms, 
where  they’re  shared  by  students),  they 
work  in  and  through  a  pervasive  wireless 
network  and  are  always  connected.  And 
Madden  notes  that  the  school’s  PCs  now 
have  fewer  native  applications  than  ever 
before,  because  so  much  of  the  processing, 
data,  storage  and  applications  are  online. 
That  means  that  users  need  something 
much  less  than  a  full-blown  notebook  PC  to 
work, study,  collaborate  and  entertain. 

The  online  enterprise 

That’s  a  model  that  fits  with  corporate  com¬ 
puting  trends,  according  to  analysts.  Mobile 
users  typically  need  access  to  resources  on  the 
corporate  network,  and  increasingly  to 
resources  on  the  Web.  Desktop  virtualization, 
which  centralizes  desktop  applications  for 
more  cost-effective  management  and 
improved  security  is  a  related  trend  that  is,  in 
effect,  offloading  tasks  and  applications  that 
previously  ran  on  the  notebook. 

“These  netbooks  are  comparable  to  a  2003 
notebook”  in  performance,  says  Rob  Enderle, 
principal  analyst  for  Enderle  Group,  which 
focuses  on  personal  technology  products. 
“People  woke  up  and  said,  ‘well,  that’s  good 
enough.’” 

For  some  enterprise  users  and  their  applica¬ 
tion  requirements,  netbooks’  portability  and 
price  will  be  compelling.  But  potential  cus¬ 
tomers  may  want  to  wait  for  a  few  months  to 
buy  one. 

The  most  recent  netbook  introductions 
make  some  of  the  products  seem  almost  indis¬ 
tinguishable  from  the  very  low-end  traditional 
notebook  PCs.  Bigger  screens,  but  none  yet 
reaching  12  inches,  bigger  hard  drives,  more 
weight  for  longer-running  high-capacity  batter¬ 
ies  and  so  on, and  price  tags  well  over  $500.  But 
even  so,  if  you  need  a  notebook’s  raw  power, 
screen  size  or  keyboard,  you  won’t  get  it  on  a 
netbook. 

“Netbooks  as  currently  specified  are  not 
capable  of  full,  rich  multimedia  perfor¬ 
mance,"  says  Andrew  Borg,  senior  research 
analyst  for  wireless  and  mobility,  with 
Aberdeen  Group.  “The  CPUs  are  not  multi- 
cored  or  multi-threading.  They’re  underpow- 


NETBOOK  SALES  SOARING 

Netbooks  were  a  major  force  in 
laptop  sales  in  2008,  pushing  the 
growth  rate  up  by  roughly  one- 
third,  according  to  NPD.  The  unit 
growth  rate  for  laptops  overall  was 
16%  not  counting  netbooks.  But 
when  you  count  netbooks,  that 
jumped  to  21%.  Shipments  of  low- 
cost  7-  to  12-inch  netbook  displays 
were  13.1  million  in  2008,  according 
to  iSuppli,  which  forecasts  a  jump 
to  47.4  million  in  2012. 


ered.  Any  kind  of  video  processing  is  beyond 
them.  Unfortunately  these  are  often  require¬ 
ments  in  the  enterprise.” 

But  12  months  from  now,  the  landscape  will 
be  dramatically  different,  he  says,  .starting  late 
in  2009. “We  look  forward  to  another  round  of 
netbooks  coming  that  will  be  much  less  likely 
to  disappoint  enterprise  users,”  Borg  says.  New 
CPUs,  including  new  version  of  Intel’s  Atom 
CPU  but  also  upcoming  ARM-based  rivals  such 
as  Qualcomm’s  SnapDragon  processor,  with 
much  higher  clock  speeds  and  multi-thread¬ 
ing,  will  boost  performance  and  cut  power 
demands.  Solid  state  drives  will  keep  dropping 
in  price.  And  Windows  7,  specifically  tuned  for 
netbooks,  will  be  available. ‘A  device  with  this 
profile,  for  under  $400,  could  take  off  like  wild¬ 
fire,”  Borg  says. 

“Wildfire”  also  describes  the  intense  specula¬ 
tion  that  Apple  will  introduce  a  Mac  netbook. 

The  next  generation  of  netbooks  will  create  a 
more  truly  mobile  user  experience,  says  Jeff 
Chu,  mobile  computing  product  manager  for 
ARM  Holdings,  which  provides  the  intellectual 
property  that  is  realized  in  silicon  products 
from  more  than  200  chip  companies.  The  new 
ARM-based  chips  will  be  highly  integrated, 
minimizing  or  eliminating  boot-up  waits  and 
extending  battery  lifetimes  to  as  much  as  sev¬ 
eral  days,  according  to  Chu. 

Netbook  challenges,  tradeoffs 

“There  is  an  enterprise  play  for  netbooks,” 
says  Mort  Rosenthal,  CEO  of  Enterprise 
Mobile,  a  Microsoft-backed  company  that 
specializes  in  large-scale  mobile  deploy¬ 
ments  based  on  Windows  and  Windows 
Mobile  clients.  “But  it  does  have  some  inter¬ 
esting  problems.” 

While  the  current  crop  of  netbooks  over¬ 
whelmingly  run  Windows  XR  which  Microsoft 
has  reprieved  for  this  segment  because  Vista 
performed  dismally  on  them,  many  of  the  net- 
books  run  XP  Home, “which  is  sub-optimal  for 
the  enterprise,”  Rosenthal  says. 

Enterprises  should  look  for  XP  Professional 
until  Windows  7  is  released.  Microsoft  made 
unplanned  “engineering  investments”  in 
Windows  7  specifically  for  netbooks:  reducing 


the  operating  system  footprint,  speeding  boot¬ 
up  and  shut-down  times, enhancing  battery  life 
and  multimedia  capabilities. 

For  now,  corporate  customers  can  expect  less 
configuration  flexibility  with  netbooks  than 
with  notebooks,  until  vendors  are  able  to  deliv¬ 
er  hardware  and  software  builds  targeted  at  the 
enterprise  market. 

A  number  of  the  first  netbooks  were  Linux- 
based  and  they  still  hold  a  fair  share  of  the 
market,  but  experts  say  that  number  could 
shrink.  More  recently,  there  has  been  specula¬ 
tion  that  the  Android  operating  system,  pushed 
by  Google  and  the  Open  Handset  Alliance, 
would  be  offered  on  future  netbooks. 

Netbooks  aimed  at  the  enterprise  need  to  do 
more  about  device  security  according  to 
Enderle.  They  should  include  a  cryptoproces¬ 
sor  based  on  the  Trusted  Platform  Module 
specification  for  securely  creating,  storing  and 
managing  encryption  keys  on  a  device,  and 
some  kind  of  biometric  reader  or  similar 
access  security  he  says. 

Windows  XP  and  future  Windows  7  devices 
should,  by  definition,  be  able  to  participate  in 
Windows  management  and  security  infrastruc¬ 
tures. 

Enderle  argues  that  Intel  and  Microsoft  artifi¬ 
cially  are  constraining  netbook  screen  sizes. 
But  an  HP  executive  says  it’s  really  all  about  a 
complex  set  of  trade-offs.  “When  you  go  to  a 
bigger  screen,  you  add  more  weight,  and  often 
more  cost,”  says  Carol  Hess-Nickels,  director  of 
worldwide  business  notebook  marketing  for 
HP  “We  want  to  stay  at  a  nice  low-end  price 
point.” 

All  wireless,  all  the  time 

Though  most  netbooks  have  an  Ethernet 
jack,  they’re  really  designed  as  wireless 
devices,  sometimes  with  integrated  802.11  Wi¬ 
Fi  (with  802.1  In  becoming  more  common), 
Bluetooth  and  a  cellular  radio.  Some  analysts 
expect  some  models  will  be  introduced  with 
WiMAX  support. 

For  enterprises,  the  cellular  option  is  fraught 
with  problems,  even  as  carriers  eagerly 
embrace  netbooks.  AT&T  just  announced  a 
special  offer  for  a  $49  netbook  if  users  sign  up 
for  a  two-year  data  contract.  But  carriers  are 
lagging  in  creating  a  smooth  activation 
process,  Enterprise  Mobile’s  Rosenthal  says. 

The  company  bought  two  netbooks,  which 
he  won’t  name,  both  with  embedded  cellular 
cards.  In  one  case,  the  manufacturer  was  to 
start  the  activation  process  and  then  pass  it 
over  to  the  carrier.  “That  pass  didn’t  work,” 
Rosenthal  says.  When  the  user  called  the  car¬ 
rier  to  confirm  the  contract  agreement,  the 
carrier  representative  “didn’t  even  know  what 
to  do  with  the  call,”  he  says.  In  the  second 
case,  the  netbook  was  bought  at  Radio 
Shack,  where  a  staffer  worked  diligently  and 
hard.  But  the  process  still  took  two  and  a  half 
hours  to  complete. 

Carriers  will  need  to  invest  in  streamlining 
these  practices  and  improving  support  for  their 
enterprise  customers.^ 
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Microsoft  dominates  netbooks 

But  Linux  developers  not  lying  down 


BY  JOHN  FONTANA 

Microsoft’s  chest  thumping  last  week  over  its 
96%  share  of  the  U.S.  netbook  market  for 
February  doesn’t  appear  to  be  just  its  normal 
bravado  as  the  company  also  is  charging 
toward  dominance  on  a  global  front. 

According  to  statistics  from  1DC,  Microsoft 
owned  76%  of  the  global  netbook  market  in 
2008  and  that  number  will  only  get  bigger  in 
the  coming  years. 

In  2008,  Linux  came  in  with  a  share  of  24% 
and  IDC  predicts  that  number  will  be  in  the  sin¬ 
gle  digits  come  year-end. 

Globally,  IDC  says  10  million  netbooks 
shipped  in  2008.  That  number  is  expected  to 
double  this  year  and  grow  by  25%  in  2010. 

The  result  would  seem  to  be  another  market 
where  Microsoft  dominates. 

The  only  developments  that  may  derail  the 
juggernaut  are  mobile  device  chips,  namely 
the  ARM  processor,  that  will  be  the  platform  for 
Google’s  Android  operating  system, 
Canonical’s  Ubuntu  and  other  Linux  distribu¬ 
tions.  Netbooks  with  those  configurations  are 
slated  to  hit  the  market  in  the  second  half  of 
2009.  In  addition,  the  Moblin  open  source  pro¬ 
ject  is  focusing  its  platform  efforts  on  netbooks 


and  mobile  devices. 

Those  developments  could  bring  Linux- 
based  operating  systems  a  bigger  share  of  the 
netbook  market,  but  they  will  need  one 
important  ingredient  that  Microsoft  has  in 
spades. “The  advantage  for  the  Windows  plat¬ 
form  is  that  it  has  a  lot  of  developers  and  a  lot 
of  applications,” says  Richard  Shim, an  analyst 
with  IDC. 

Shim  says  the  dynamics  could  change  if  the 
non-Windows  platforms  attract  a  decent 
amount  of  developers  who  create  a  number  of 
must-have  applications  that  run  on  alternative 
platforms. 

“Obviously  that  would  change  the  game,” 
Shim  says. 

Online  services,  such  as  e-mail  and  social 
networking,  could  be  another  driver  as  users 
install  fewer,  if  any,  applications  on  their 
machines. 

Some  also  point  out  that  the  buyer  should 
beware  of  the  true  costs  of  Windows  netbooks. 
But  others  say  the  fact  that  the  industry  has  no 
solid  definition  for  the  value  of  a  netbook  will 
help  Windows  maintain  its  lead. 

The  netbook  is  stuck  in  limbo  between  the 
ultra-convenience  and  voice  capabilities  of  the 


smartphone  and  the  power  and  full  screen  and 
keyboard  size  of  a  laptop. 

“Netbooks  will  continue  to  be  small,  low-cost 
entry  products  and  people  won’t  see  them  as 
some  new  product  category  but  as  small  note¬ 
books,”  says  Stephen  Baker,  vice  president  of 
industry  analysis  for  market  research  firm  NPD 
Group. 

It  was  NPD’s  research  that  Microsoft  cited  last 
week  when  it  said  it  owned  96%  of  the  U.S.  net- 
book  market  in  February 

Baker  says  the  combination  of  the  forthcom¬ 
ing  Windows  7  and  the  perception  that  net- 
books  are  smaller  versions  of  PCs  will  wipe  out 
the  notion  that  the  netbook  is  something  dif¬ 
ferent  from  a  PC. 

“In  the  long  term,  the  netbook  will  be  the 
entry-level  of  the  PC  market,”  Baker  says.  “As 
long  as  they  are  marketed  and  sold  to  people 
as  PCs  it  is  going  to  be  hard  to  change  that 
mindset.  And  for  a  lot  of  consumers  the  PC 
platform  is  Windows.  Despite  its  flaws,  it  is 
something  they  have  been  using.” 

And  IDC  says  consumers  will  have  a  major 
hand  in  deciding  the  fate  and  definition  of  the 
netbook.  In  2008,  80%  of  netbooks  were  pur¬ 
chased  by  consumers.* 
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Read  a  story  online  (www.nwdocfinder.com/9542)  on  how  Northeastern 
University  students  work  to  solve  ‘real-world’  engineering  problems. 


Willmer,  executive  director  of  Robert  Half  Technology 
an  IT  staffing  and  placement  firm. “Companies  are  less 
concerned  about  attracting  [younger]  talent  because 
they’re  hiring  less.” 

Julian  Byron,  a  26-year-old  Web  project  manager  for 
a  digital  publishing  company  in  Washington,  D.C., says 
it  would  probably  be  tougher  to  land  his  job  today 
than  it  was  a  year  ago  when  he  was  hired  because  of 
his  age.  Now  in  the  hiring  seat  himself,  Byron  sees  a 
shift  from  a  year  ago  when  job  applicants  had  more 
leverage. 

“We  know  as  employers  that  it’s  tough  for  applicants 
to  find  jobs;  1  definitely  feel  more  empowered  when 
hiring  now  than  I  did  before  the  recession,”  he  says. 

This  generation  is  often  described  as  spoiled,  having 
been  raised  by  “helicopter”  parents  who  hovered  over 
their  children  during  their  formative  years.  When  com¬ 
panies  began  bending  corporate  rules  to  let  employ¬ 
ees  use  their  own  cell  phones  and  laptops  for  work,  or 
grant  access  to  social  networking  sites  such  as  Face- 
book  despite  potential  security  concerns,  that  stereo¬ 
type  was  reinforced. 

But  despite  preconceptions,  observers  say  Gen  Yers 
have  a  lot  to  offer  a  corporation. 

“The  key  word  is  innovative;  Gen  Y  has  shown  us  the  importance  of 
things  like  social  networking  and  podcasting,  so  it’s  not  just  technolo¬ 
gy,  it’s  innovation”  that  this  generation  brings  to  a  corporation,  Robert 
Half  Technology’s  Willmer  says. 

At  Fortegra  Financial,  a  financial  services  firm  in  Jacksonville,  Fla., 
CIO  and  Vice  President  Kirk  Hale  still  seeks  out  GenY  workers  to  staff 
his  27-person  IT  department,  even  though  there  may  be  more  experi¬ 
enced  candidates  available. 

“Even  at  the  help  desk  level,  Gen  Y  is  welcome.They’re  going  to  walk 
in  and  be  excited  about  supporting  iPhones  and  instant  messaging,” 
Hale  says.“They  speak  that  language,  so  across  the  board  [hiring  Gen 
Yers]  is  a  welcome  opportunity’ 


However,  Hale  admits  this  generation  can  be  challenging  to  man¬ 
age.  For  example,  Hale  has  had  to  hold  more  frequent  performance  re¬ 
views  than  the  annual  one  his  company  has  traditionally  performed, 
in  order  to  satisfy  younger  workers’  need  for  more  consistent  feed- 
back.“We  have  to  celebrate  the  little  wins  more  often,”  he  says. 

And  he  has  to  answer  more  questions.  Gen  Y  workers  are  most  moti¬ 
vated  when  they  know  why  they  are  doing  something,  Hale  says;  they 
want  to  know  what’s  in  it  for  them, so  he’s  had  to  become  more  trans¬ 
parent  in  his  communication. 

“But  that’s  helped  our  company  on  a  much  more  global  basis,”  he 
says.  “The  things  we’ve  had  to  change  to  accommodate  the  newer 
generation  is  having  a  much  wider  and  more  positive  impact  on  the 
company”  ■ 


Five  ways  Gen  Y  job  seekers  can  stand  out 


Stress  comfort  with  technology,  demonstrable  skills 


Generation  Y  job  candidates  have  a  lot 
of  selling  to  do  these  days.  Because 
of  the  recession,  these  young  work¬ 
ers  are  competing  not  only  with  each  other, 
but  also  with  older,  more  experienced  can¬ 
didates.  Below  are  a  few  ways  Gen  Yers 
can  fill  the  gaps  in  their  resumes  to  put 
them  on  more  equal  footing: 

•  During  an  interview,  shift  the  conver¬ 
sation  away  from  lack  of  experience  to 
demonstrable  skills.  If  you  were  involved  in 
a  technology  project,  even  if  it  was  while  at 
a  university,  during  an  internship,  or  as  un¬ 
paid  work  for  a  nonprofit,  the  skills  re¬ 
quired  to  complete  the  project  still  count. 
Focus  on  the  project  completed  instead  of 
the  lack  of  corporate  experience. 

•  If  you  don’t  have  demonstrable  skills 


related  to  the  job  you’d  like,  consider  certi¬ 
fication.  “For  IT  specifically,  lack  of§xperi- 
ence  can  often  be  compensated  for  with 
certification,”  says  Julian  Byron, Web  pro¬ 
ject  manager  with  a  digital  publishing  com¬ 
pany  in  Washington,  D.C.  "It’s  a  good  in¬ 
vestment,  specifically  if  a  Gen  Yer  only  had 
a  year  or  less  of  [work]  experience. 

Getting  certified  can  really  build  that  up.” 

•  Stress  your  comfort  with  change.  "Gen 
Y  thrives  on  change,  and  there's  no  deny¬ 
ing  we’re  in  a  period  of  change  with  corp<j| 
rate  restructuring,”  says  Dave  Willmer, 
executive  director  of  Robert  HalfTechnol- 
ogy,  an  IT  staffing  and  placement  firm. 
"GenY  might  thrive  when  a  company  is 
doing  technology  updates,  vs.  someone 
more  senior  who  might  not.” 
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•  Play  up  your  technology  skills,  espe¬ 
cially  in  new  media  and  social  network¬ 
ing.  Fortegha  Financial,  a  financial  ser¬ 
vices  firm  in  Jacksonville,  Fla.,  looks  for 
GenY  job  candidates  because  of  their 
comfort  level  with  new  technologies. 
“They  speak  that  language  much  more 
fluently  than  the  traditional  or  legacy 
employee,"  says  Kirk  Hale,  vice  president 
and  CIO.  “We  found  it's  more  expeditious 
to  acquire  that  talent  than  to  try  and 
develop  that  talent." 

•  Network  with  people  in  the  company  or 
industry  you’d  like  to  be  in.  Many  employ¬ 
ers  will  move  the  resume  of  a  job  candi¬ 
date  with  a  referral  from  a  current 
employee  to  the  top  of  the  stack. 

—  CARA  GARRETSON 
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The  right  video  network  can  take  you  anywhere 


How  far  can  your  corporate  network  take  you? 

Now  more  than  ever  businesses  must  reduce  costs  while  staying  connected  with  customers,  prospects,  partners  and  colleagues. 
But  their  investments  in  high-definition  conferencing  equipment  are  being  undermined  by  the  limited  capabilities  of  their  existing 
network  providers.  MASERGY’s  global  IP  MPLS  network  is  engineered  specifically  to  support  real-time  applications,  even  across 
a  converged  corporate  network.  MASERGY  guarantees  100%  packet  delivery  for  global  voice  and  video  traffic  between  all  office 
locations,  supported  with  advanced  customer-controlled  network  management  capabilities  launched  at  the  click  of  a  mouse. 
So  whether  your  company  is  seeking  to  reduce  travel  budgets,  sales  cycles,  time  to  market  or  carbon  footprints,  MASERGY  will 
help  you  get  there. 
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1-800-MASERGY  masergy.com 
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TECH  UPDATE 

An  inside  look  at  technologies  and  standards 


ite-perimeterization,  Part  2 

Application  visibility  and  control  enables  IT  to  say  'yes'  to  the  business 


BY  CHRIS  KING 

In  Part  1  of  this  article  (www.nwdocfinder.com/9547)  we  examined 
how  enterprises  could  gain  application  visibility  and  control  to 
accommodate  programs  hosted  outside  the  enterprise,  and  where  they 
might  implement  that. 


By  deconstructing  traffic  (detecting  and  de¬ 
crypting,  decoding  and  de-tunneling),  organi¬ 
zations  can  deduce  what  applications  are  on 
their  networks. That  requires  being  able  to  see 
all  traffic  because  applications  don’t  corre¬ 
spond  to  ports  anymore,  and  to  exert  control 
these  functions  must  be  done  in  line.  The  best 
place  to  do  this  is  at  the  firewall  —  it  sees  all 
traffic,  demarcates  the  trust  boundary  and  can 
enforce  policy  But  the  traditional  enterprise 
firewall  needs  a  serious  overhaul  to  perform 
these  functions. 

On  to  Part  2.  If  organizations  (and  security 
vendors)  can  regain  application  visibility  and 
control  the  right  way  enterprises  will  realize 
additional  benefits:  finegrained  application 
control,  user-based  policies  and  reporting  and 
better  content  scanning.  All  of  this  adds  up  to 
the  ability  to  have  a  more  meaningful  conver¬ 
sation  with  the  business  —  focused  on 
enabling  applications,  users  and  appropriate 
content,  rather  than  just  saying, “no”. 

Applications  aren’t  threats.  As  described  in 
Part  1 ,  controlling  applications  is  simple: 

•  Block  undesirable  applications. 

•  Safely  enable  good  applications. 

•  Restrict  risky  application  features  by  policy 
(even  questionable  apps  may  have  business 
value). 

•  Ensure  less  important  applications  don’t 
hurt  more  important  ones. 

The  above  presumes  that  the  network  profes¬ 
sional  knows  what  each  application  is,  under¬ 
stands  its  relevance  to  the  business  and  how  it 
behaves.  Each  application  or  class  of  applica¬ 
tion  has  to  be  examined  for  benefit/risk.  If  the 
application  provides  high  value  and  little  risk, 
the  answer  is  easy  If  the  application  provides 
high  value  and  high  risk,  the  answer  is  harder, 
and  IT  must  mitigate  the  risks  associated  with 
enabling  the  application. 

The  business  can  articulate  the  value  side  of 
the  equation.  Network  and  security  profession¬ 
als  must  come  to  the  table  knowing  the  risks 
the  application  carries: 

•  Can  it  carry  malware? 

•  Does  it  chew  up  bandwidth? 

•  Does  it  tunnel  other  applications? 

•  Are  there  vulnerabilities  associated  with  it? 

The  main  point  is  that  applications  need  pol¬ 
icy  control,  not  the  “find  it  and  kill  it”  mentality 


reserved  for  malicious  content. 

Beyond  that,  there  is  application  prioritiza¬ 
tion.  Enterprises  should,  as  part  of  application 
control,  ensure  that  necessary  applications 
aren’t  slowed  or  squeezed  out  by  acceptable 
applications. 

Bring  users  into  view 

In  most  enterprises,  when  talk  turns  to  appli¬ 
cation  use/abuse,  the  next  question  is:  Who  is 
responsible?  Responding  with  an  IP  address  in 
today’s  dynamic  environments  is  useless.  If  you 
can  see  the  specific  application, you  should  be 
able  to  see  the  user  of  that  application. 

Enterprises  have  been  consolidating  users 
into  a  centralized  directory  for  years,  and  many 
have  experienced  a  degree  of  success.  Why  not 
use  that  for  application  control? 

The  first  logical  use  of  user/group  informa¬ 
tion  is  for  reporting  purposes,  such  as  who  is 
using  (or  abusing)  that  particular  application? 
The  second  use  is  more  powerful,  setting  poli¬ 
cy  by  user  or  group. 

Most  organizations  need  to  go  beyond  a 
global,  monolithic  policy;  there’s  a  need  for  a 
finer-grained  approach  to  application  enable¬ 
ment.  For  example,  sales  and  marketing  might 
need  to  use  social  networks  to  market  product, 
or  IT  might  need  to  use  BitTorrent  to  obtain 
Linux  binaries. 

The  point  is  once  you  have  fine-grained  visi¬ 
bility  and  control  of  applications,  you’ll  need  a 
similar  level  of  granularity  of  users.  There  are  a 
few  ways  of  doing  this:  identification  or  authen¬ 
tication. 

Identification  is  easier,  you’re  simply  tying  the 
application  traffic  of  a  logged-in  workstation  to 
the  user  it’s  logged  in  with. There  are  a  couple 
of  ways  to  do  this:  either  sniff  the  login  traffic, 
or  use  real-time  event  data  from  the  enterprise 
directory  Authentication  is  significantly  harder, 
requiring  secure  participation  in  the  authenti¬ 
cation  scheme  (cookies,  NTLM,  Kerberos),  and 
often  necessitating  acting  as  a  proxy  which  has 
its  own  issues. 

High-performance  content  scanning 

Once  you  have  the  ability  to  see  and  control 
specific  applications  by  user,  what  else?  How 
about  content  scanning?  There  are  three  kinds 
of  content  organizations  are  concerned  about: 


malicious  content  (threats),  sensitive  or  confi¬ 
dential  content  (leaks),  and  nonproductive/ 
inappropriate  content.  Functions  such  as  intru¬ 
sion  prevention,  antivirus  and  scanning  for 
confidential  data  can  all  be  lumped  into  “con¬ 
tent  scanning.” 

Traditionally,  disparate  security  appliances 
provide  different  aspects  of  content  scanning 
(unified  threat  management  devices  attempt  to 
wrap  it  all  up,  but  often  perform  poorly).  By 
deconstructing  application  traffic  you’ve  done 
a  significant  portion  of  the  work  of  content 
scanning.  The  major  issue  with  scanning  using 
traditional  approaches  is  that  redundant  steps 
impede  traffic  (deconstruction,  scan  for  ex¬ 
ploits  —  followed  by  another  deconstruction, 
scan  for  viruses,  followed  by  another  decon¬ 
struction, scan  for  confidential  data  and  so  on). 

If  you  insert  a  single  content  scanning  step 
into  the  process  of  determining  the  applica¬ 
tion,  you  can  gain  a  tremendous  amount  of 
security  benefit,  with  very  little  performance 
hit.To  collapse  content  scanning  like  this,  how¬ 
ever,  requires  some  redesign: 

•  The  ability  to  deconstruct  fully  (as 
described  in  Part  1),  not  just  the  minimum 
needed  for  one  type  of  content  scanning. 

•  The  idea  of  collapsing  content  scanning 
suggests  a  single  engine,  and  the  enterprise 
requirement  for  high  performance  dictates  a 
stream-based  engine. 

•  A  consolidated  signature  format  across  the 
various  types  of  content  you’re  scanning  for 
(exploits, malware, confidential  data). 

The  result  is  high-performance  content  scan¬ 
ning.  It  isn’t  perfect  (buffer-based  scanning  can 
sometimes  do  a  more  thorough  job  at  the  cost 
of  introducing  significant  latency),  but  it  can 
perform  well  if  implemented  correctly 

By  doing  application  visibility  and  control 
correctly  enterprise  network  and  security  pro¬ 
fessionals  have  an  opportunity  to  do  something 
that’s  previously  proven  elusive.  By  approaching 
the  business  with  application-  and  user-based 
policies,  and  scanning  content  without  slowing 
down  application  traffic,  network  security  can 
start  being  viewed  as  a  business  enabler,  rather 
than  a  business  impediment. 

King  is  director  of  product  marketing  for  Palo 
Alto  Networks.  He  can  be  reached  at 
cking@paloaltonetworks.  com. 


This  vendor-written  tech  primer  has  been 
edited  by  Network  World  to  eliminate  prod¬ 
uct  promotion,  but  readers  should  note  it 
will  likely  favor  the  submitter's  approach. 
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Less  Work.  More  Profit 

HiPerlink. 


Pre-terminated  Solutions 


Thnsp 

I  I  I  V-xO  V-/  big  name  brand  manufacturers  would  like  you  to 
think  that  their  pre-terminated  solutions  save  you  labor,  therefore 
save  you  money.  The  truth  is,  ICC's  pre-terminated  solutions  are 
consistently  priced  40%  lower  than  most  pre-terminated  suppliers. 
40%  -  that’s  more  than  your  margin!  In  this  economy,  you  can  not 
afford  to  pass  up  that  kind  of  savings.  It  could  mean  winning  or  losing 
the  job.  How  do  we  do  this?  Simple,  we  make  our  own  cables  and 
we  don’t  put  high  markups  on  them  like  others  do. 


Don’t  believe  us? 


a 

Call  888-ASK-4-ICC  extension  4000  and  ask  for  a  quote. 

ICC 7 


Go  on-line  www.icc.com/hiperlink 


✓  Plug  and  Play 

Install  CAT  6A,  CAT  6,  and  CAT  5e  pre-terminated  solutions 
right  out  of  the  box  with  no  sweat  and  no  hassle. 


✓  Modular  and  Flexible 

ICC’s  plug  and  play  cassettes  come  with  a  twist.,.they’re 
modular.  Other  supplier’s  plug  and  play  cassettes  are 
fixed.  With  ICC,  you  can  easily  change  or  move  modules 
from  the  cassette  after  installation.  You  can  also  order  any 
color  modules  you  prefer;  blue,  red,  orange,  yellow  or  even 
purple.  There  are  ten  different  colors  to  choose  from. 


✓  End-to-End  Warranty 

ICC  offers  up  to  Lifetime  Warranty  for  an  end-to-end 
pre-terminated  system  because  we  use  our  own  cables 


and  modular  connectors. 


✓  Cost  40%  Less  Than  Other  Big  Brand  Suppliers 

With  all  these  benefits,  ICC’s  pre-terminated  solutions  still 
have  the  lowest  price  within  the  industry. 
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Analyzing  Twitter  with  Excel,  Part  2 


Mark  Gibbs 


o,  last  week  I  set  myself  a  problem:  Use 
Microsoft  Excel  to  capture  Twitter  messages 
that  mention  the  word  “rovio”,  pretending 
that  I  worked  for  the  company  that  makes  the 
Rovio  Wi-Fi-controlled  camera  and  I  wanted  to 
GEARHEAD  see  what  people  were  saying  about  it. 

I  set  this  all  up  to  demonstrate  Excel’s  XML 
Maps  feature.  The  concept  was  to  define  an 
XML  Map  that  retrieved  XML  data  from  Twitter’s 
search  feature.This  feature  offers  to  generate  for  your  queries  a  news 
syndication  feed  in  Atom  format.  This  is,  in  theory,  great  as  Atom  is  a 
format  that  Excel  understands.  But  I  discovered  it  didn’t  work  as  1  had 
expected. 

If  you  recall,  the  feed  URL  as  provided  by  Twitter  was:  http://search.twit- 
ter.com/search.atom?q=+rovio+since%3A2009-03-01+until%3A2009-03- 
25. 1  modified  this  as  Excel  didn’t  want  anything  to  do  with  it  (the  error 
reporting  in  XML  Maps  is,  to  say  the  least,  poor). 

1  found  that  by  replacing  the  Vs  (which  stand  for  spaces  in  a  URL  en¬ 
coded  string)  with  “&”s  (which  separate  variable/value  pairs  in  HTTP 
GET  requests)  Excel  would  create  an  XML  Map.  1  also  added  other  argu¬ 
ments  to  set  the  number  of  results  per  page  and  which  page  of  the  re¬ 
sults  should  be  returned  and  this  is  what  I  wound  up  with: 

http://search. twitter.com/search. atom?q=rovio&since%3A2009-02- 
0 1  &until%3A2009-03-24&rpp=50&page=l 
Unfortunately  this  only  appeared  to  work  when  used  in  Excel. The 
Twitter  search  just  ignored  everything  after  the  first  and  returned  the 
last  results  available  for  the  given  search. 

What  this  comes  down  to  is  four  issues:  The  Twitter  search  interface  is 
poorly  documented;  the  Atom  version  of  the  search  doesn’t  support  all 
of  the  additional  arguments;  Excel  is  too  fussy  about  which  URLs  it  is 


willing  to  interrogate;  and  Excel  also  gives  you  precious  little  informa¬ 
tion  about  what  it  doesn’t  like. 

This  is  all  very  annoying  because  I’ve  used  Excel  XML  Maps  with  all 
sorts  of  XML  sources  before  and  never  had  problems  like  these.  I  now 
hate  both  the  Twitter  and  the  Excel  developers  with  a  passion. 

So  I  still  want  to  use  Excel  because  it  allows  me  to  create  summaries, 
pivot  tables  and  graphs,  but  it  looks  like  using  XML  Maps  to  get  the  data 
directly  isn’t  going  to  work. 

Here’s  an  idea:  Let’s  use  cURL  to  retrieve  the  raw  XML  rather  than  rely¬ 
ing  on  the  vagaries  of  what  Excel  might  or  might  not  consider  accept¬ 
able.  And  that’s  just  what  I’ll  do  next  week  when  I  have  enough  space  to 
wax  lyrical  on  the  topic. 

But  to  close  this  week  I  want  to  go  back  to  a  column  I  wrote  about 
SAP’s  Xcelsius.Xcelsius  is  a  dashboard  development  tool  that  ingests  an 
Excel  spreadsheet  and  lets  you  attach  graphical  meters,  sliders  and 
graphs  to  the  underlying  data  and  generate  a  Rash  movie  that  can  be 
used  on  Web  pages. 

In  that  piece  1  noted  how  SAP  had  added  a  ton  of  features  to  the  4.5 
version  of  Xcelsius  but  threw  out  stability,  reduced  usability  and  appar¬ 
ently  considered  documentation  to  be  optional.  The  phrase  “epic  fail” 
came  to  mind.  Since  then  SAP  has  released  a  number  of  updates,  the 
most  recent  being  Xcelsius  2008’s  Fix  Pack  3. 

Having  beaten  this  update  to  death  I  conclude  the  following:  Stability 
is  much  improved,  bugginess  has  been  reduced  but  is  still  a  problem, 
usability  is  slightly  better  but  still  has  an  engineering  feel,  and  docu¬ 
mentation  and  error  messages  are  still  abysmal. That  said, Xcelsius  2008 
is  somewhat  improved  and  gets  a  score  of  3.5  out  of  5. 

Gibbs  is  cruel  to  software  in  Ventura,  Calif.  Your  thoughts  on  software  tor¬ 
ture  to  gearhead@gibbs.com. 


Monkeying  around  with  chi.mp 


The  scoop:  chi.mp  free  account. 

What  it  is:  Like  many  social  networks,  a  chi.mp 
account  gives  you  your  own  “Web  space”,  letting 
you  post  status  updates  and  photos,  and  link  to 
other  social  networks  or  Web  feeds.Chi.mp  gives 
users  a  unique  domain 
name  (mine  is  http://kei- 
thshaw.mp,  for  example), 
an  OpenID  and  Web  site. 

The  chi.mp  service  also  has  a  contact  aggregator, 
pulling  in  contacts  or  “friends”  from  all  of  your 
other  networks  and  contact  databases. 

Finally,  the  service  lets  you  create  multiple  “per¬ 
sona”  profiles  that  are  displayed  to  designated  con¬ 
tacts.  For  example,  users  can  create  a  public  site,  a 
professional  site  that  you  display  to  colleagues, 
and  a  friends/family  site.  For  instance,  family  and 
friends  can  see  photos  of  your  kids,  while  profes¬ 
sionals  and  the  public  see  nothing.  And  truly  spe¬ 
cial  friends  can  see  your  spring  break  photos, 
while  mom  and  dad  see  nothing. 

Why  it’s  cool:  The  growth  of  social  networking  in 
the  business  world  has  created  the  problem  of 
“Who  am  I?”  for  many  users.  For  example,  do  the 
posts  on  my  Facebook  or  Twitter  page  represent  my  thoughts  as  a  Net¬ 
work  World  employee  or  my  thoughts  as  Keith  Shaw,  the  brand?  My 
friends  from  high  school  and  college  have  no  interest  in  my  thoughts  on 
the  latest  gadget, but  I’m  also  sure  that  Network  VVbr/rf ‘friends”  don’t  want 
to  see  photos  of  me  from  my  college  days.  Allowing  for  separate  per¬ 
sonalities  makes  chi.mp  an  intriguing  option. 

Other  social  networks  are  like  the  equivalent  of  a  country  club  — 


when  you  see  my  Facebook  page,  it’s  like  we’re  in  the  lobby  of  the 
Facebook  Club.  When  you’re  visiting  my  chi.mp  page,  it’s  like  you’re  in 
visiting  my  home  or  office  —  you  see  what  I  want  you  to  see,  based  on 
your  relationship  with  me.  Furthermore,  friends  can  hang  with  me  in  the 
living  room,  but  only  family  members  can  use  the  upstairs  bathroom. 

Users  can  customize  their  sites  with  different 
themes,  backgrounds  and  avatar  choices,  as  well 
as  link  to  a  number  of  different  social  networks.  In 
this  regard,  the  service  is  a  lot  like  FriendFeed. 

Social  media  gurus  and  individuals  who  are  cre¬ 
ating  their  own  social  brand  should  love  this  site, 
as  it  gives  them  a  central  location  and  an  easy  Web 
address  to  give  out  to  all  their  contacts. 

Some  caveats:  Managing  the  different  persona 
pages,  choosing  which  of  your  friends  goes  with 
which  persona,  and  which  feeds  or  photos  you  put 
on  each  page,  can  quickly  get  daunting.  With  hun¬ 
dreds  of  contacts  or  more,  doing  the  work  of 
choosing  designations  could  be  like  trying  to 
weed  down  a  wedding  invitation  list. 

Also,  the  early  version  of  the  service  seems  to  be 
geared  toward  users  of  multiple  social  networks. 
Bottom  line:  If  you’re  juggling  a  lot  of  different 
social  networks,  contacts  and  are  starting  to  feel  that 
you  really  have  multiple  personalities,  head  to  http://chi.mp  and  create 
your  own  social  hub  to  manage  them  all. 

Grade:  ★★★★  (out  of  five) 

Shaw  can  be  reached  at  kshaw@nww.com,  on  Twitter 
(http://twitter.com/shawkeith)  or  through  his  chi.mp  site  (http.V/keith 
shaw.mp). 


C00LT001S 


Chi.mp  is  a  service  that  allows 
you  to  differentiate  your  person¬ 
alities  in  the  social  networking 
world. 
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I  CLEAR  CHOICE  TEST  VIRTUALIZATION  MANAGEMENT 

Gross-platform  tools  fall  short 

CA  comes  out  on  top  in  four-product  test,  but  there’s  room  for  improvement 


BY  TOM  HENDERSON  AND  BRENDAN  ALLEN, 

NETWORK  WORLD  LAB  ALLIANCE 

With  the  abundance  of  formidable  virtualization  platforms  on 
the  market  today  there  ought  to  be  a  better  way  to  manage  het¬ 
erogeneous  virtual  machine  farms.  But  the  bad  news  is  that 
after  comparing  four  packages  whose  makers  say  they  do  just 
that,  we’re  still  looking  for  an  easier  way  out  of  cross-platform  virtualiza¬ 
tion  management  hell. 

The  VM  management  packages  we  tested  fell  into  two  categories:  add¬ 
ons  to  existing  systems  management  platforms,  and  newer  stand-alone 
packages.  Microsoft’s  Systems  Center  Virtual  Machine  Manager 
(SCVMM)  and  CAs  Unicenter-based  Network  &  Systems  Management 
(NSM)  with  Advanced  Systems  Management  (ASM)  fell  into  the  former; 
while  Insystek’s  TotalView  and  DynamicOps  Virtual  Resource  Manager 
(VRM)  fell  into  the  latter. 

The  products  varied  wildly  in  their  approach  to  the  problem  and  each 
fell  down  in  its  own  places. 

•  Microsoft’s  SCVMM  did  well  for  Windows  VM  guests, and  could  get 
a  grip  on  VMware’s  ESX  platform  —  but  only  if  VMware’s  expensive 
VirtualCenter  was  also  installed.  SCVMM  required  Microsoft’s 
Operations  Manager  to  provide  life-cycle  management,  but  integrating 
and  patching  everything  together  into  a  working  system  proved  diffi¬ 
cult. 

•  Likewise  CAs  graft  of  ASM  and  NSM  onto  our  test  network  was  very 
difficult.  NSM  is  a  powerful,  innately  heterogeneous  management  pack¬ 
age,  and  it  could  produce  lots  of  data  regarding  our  VM  farm  test  simu¬ 
lation,  but  it  stopped  short  in  a  number  of  areas  including  building  and 
versioning  VMs  and  discovering  existing  VM  infrastructure. 

•  DynamicOps  VRM  was  more  of  a  VM  library  manager  or  provision¬ 
ing  rather  than  a  full-fledged  management  package.  It  also  was  difficult 
to  integrate,  and  lacked  key  features  required  for  monitoring  and  man¬ 
aging  VM  infrastructure. 

•  Insystek’s  TotalView  possesses  all  the  characteristics  of  a  work  in 
progress.  There  was  lots  of  promise  for  things  such  as  policy-based 
management,  but  TotalView  crashed,  had  problems  with  its  admit¬ 
tedly  brand-new  Hyper-V  support,  and  was  a  source  of  intense 
deployment  frustration. 

Goals  and  test  environment 

Each  management  package  had  to  work  with  two  or  more  hypervisor 
platforms  picked  from  a  list  consisting  of  VMware’s  ESX  3.5,  Microsoft’s 
Hyper-V  and/or  Citrix’s  Xenserver  5.0.  We  installed  these  hypervisors  on 
a  variety  of  hardware  platforms  (see  How  we  did  it,  www.nwdocfind 
er.com/9521).  And  we  installed  the  products  under  test  on  vendor-rec¬ 
ommended  hardware  and  pointed  them  at  VMs  running  across  the  mul¬ 
tiple  hypervisor  hosting  platforms  supported  by  each. 

Each  VM  management  product  was  tested  in  five  areas  important  to 
VM  farm  administrators: 

•  Release  management  (building  and  provisioning)  forVM  deploy¬ 
ments  comprising  at  least  two  different  hypervisor  platforms. 

•  Moving,  adding  and  changing  VM  instances  (life-cycle  manage¬ 
ment)  forVM  deployments  comprising  at  least  two  different  hypervi¬ 
sor  platforms. 

•  Operational  management  as  facilitated  by  administrative  and  user 
roles  using  at  least  two  different  hypervisor  platforms. 

•  Incident  and  troubles  management  consisting  of  monitoring, 
alarms,  audit,  and  reports  across  multiple  virtual  host  platforms. 

•  Security  management  for  accessibility  to  VM  instances,  host  oper¬ 
ating  environments,  and  applications  across  multiple  host  platforms. 


CA’s  System  Command  Center  user  interface  offers  access 
to  the  strongest  cross-platform  management  feature  set 
tested,  but  that  comes  at  a  considerable  configuration 
price. 

The  GA  option 

Of  the  products  we  compared,  CAs  NSM/ASM  pairing  served  up  the 
best  combination  of  VM  management  components.  But  it  wasn’t  prob¬ 
lem  free. 

NSM  provides  the  base  systems  management  infrastructure,  while  the 
ASM  piece  serves  up  the  virtualization  and  cluster  management  wares. 
CAs  virtualization  management  support  for  VMware’s  VirtualCenter/ESX 
and  Hyper-V  is  only  one  aspect  of  the  package  used  to  manage  large  net¬ 
works  of  systems.  But  for  our  purposes,  we  limited  the  scope  of  testing  to 
the  virtualization  components  only 

We  set  up  NSM/ASM  to  run  on  a  Windows  2003  Server  R2  machine  (it 
can  also  run  on  a  Unix  server)  with  a  SQL  Server  2005  server  using 
mixed-mode  authentication. 

As  for  the  physical  resources  necessary  CA  recommends  4GB  of  mem¬ 
ory  and  at  least  20GB  of  hard  drive  space  in  total.  For  CPU,  minimum 
requirements  are  2GHz  Pentium  4  or  AMD  Athlon  XP  2000f.We  then  had 
to  install  NSM  and  ASM  management  and  performance  agents  on  each 
machine  and  also  ASM  virtual  agents  for  it  to  work  with  Hyper-V  or 
VirtualCenter  host  machines  we  wanted  to  manage. 

CA  recommended  that  we  download  a  best  practices  utility  which 
should  have  enabled  us  to  install  NSM  and  ASM  together  but  the  installer 
utility  would  not  run.CA  technical  support  walked  us  through  a  manual 
install  that  took  four  hours. When  installing  NSM,  we  had  to  select  things 
such  as  Management  Database,  Agent  Technologies,  World  View  (a  visu¬ 
al  representation  of  the  network  showing  all  machines  and  devices  con¬ 
nected  to  the  network),  Enterprise  Management,  Notification  Services, 
Configuration  Manager  and  Web  Reporting  options. 

To  get  the  CA  combination  to  discover  ourVMware  VMs,we  had  to  use 
the  command  line  to  point  the  management  system  in  their  directions. 
To  connect  to  the  VirtualCenter  host  machine,  we  had  to  configure  some 
text  files  manually  for  CAs  distributed  intelligence  analysis  engine,  which 
uniformly  retrieves  information  from  all  managed  devices. 

We  did  notice  that  NSM/ASM  was  a  bit  sporadic  about  rediscovering 
VMware  VMs.  For  example,  a  cold  reboot  of  a  VMware  instance  was  not 
displayed  in  the  CA  GUI.  Other  times,  we  needed  to  stop  and  start  some 
of  the  NSM/ASM  services  on  the  VirtualCenter  host  machine  in  order  for 
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the  NSM/ASM  services  to  collect  the  data  from  it. 

According  to  CA  tech  support,  we  needed  to  set  up  an  SNMP  trap  on 
the  VirtualCenter  host  machine  so  that  NSM  would  rediscover  VMware 
VMs  after  wed  shut  them  down  and  restarted  them.  But  even  after  we  set 
the  SNMP  trap,  when  we  were  checking  out  performance  monitoring, 
there  was  a  similar  problem  where  we  had  to  stop  the  performance 
agent  on  the  VirtualCenter-based  machine  and  start  it  again. The  use  of 
SNMP  in  this  case  could  also  open  up  the  installation  to  known  securi¬ 
ty  issues  surrounding  SNMP  and  community  naming  strings. 

The  overall  VM  discovery  and  connection  process  was  similar  for  the 
Hyper-V  VMs,  except  we  had  to  apply  a  support  patch  first,  and  then 
install  the  Hyper-V  agent. 

With  the  arduous  installation  process  behind  us,  we  were  able  to  view 
quite  a  bit  of  information  about  the  VMs. 

There  were  three  main  GUI  components:  the  main  NSM  GUI  called  the 
Management  Command  Center  from  where  we  controlled  the  underly¬ 
ing  management  infrastructure;  the  main  ASM  GUI  called  the  Systems 
Command  Center  from  where  we  managed  our  VMs;  and  the  NSM 
Performance  Scope  GUI  from  where  we  peered  into  statistics  collected 
about  all  managed  servers. 

Each  uses  a  three-pane  view. There  was  a  narrow  tree-hierarchy  on  the 
left  side  of  each  that  allowed  us  to  dig  down  into  the  VM  environment. 

We  were  able  to  do  all  the  usual  VM  controlling  commands,  such 
as  start,  stop  and  shutdown;  suspend,  clone  and  make  template 


from  the  Systems  Command  Center  tool.CA’s  VM  management  and 
monitoring  capabilities  don’t  extend  beyond  what  you  can  do  with¬ 
in  each  VM  environment,  and  those  controls  vary  by  hypervisor 
(such  as  HyperV  commands  are  slightly  different  from  the 
VirtualCenter  commands). 

The  one  task  we  were  not  able  to  do  inside  of  CAs  interface  was  cre¬ 
ate  a  newVM  from  scratch  in  either  the  VMware  or  Microsoft  hypervisor 
environments.  To  create  a  new  VM,we  had  to  clone  another  VM  or  use 
an  existing  template. 

Cloning  and  migrating  VMs  are  simple  processes  with  CAs  offering.  For 
cloning,  we  clicked  both  the  VM  we  wanted  to  clone  and  the  cloning 
option.  A  dropdown  menu  allowed  us  to  add  some  details  about  the  VM 
including  name, storage  location  and  host  (even  though  we  had  to  keep 
the  same  host,  because  choosing  another  one  brought  on  failure  of  the 
process).  You  complete  a  similar  process  when  migrating  VMware  VMs, 
except  you  need  to  choose  the  host  to  which  the  VM  is  to  be  moved. 

A  VM  Library  feature  that  could  be  used  to  deploy  subsequent  images 
and  work  out  some  VM  vetting  processes  —  things  like  production 
proofs  —  are  not  yet  part  of  the  CA  offering. 

Operational  management 

We  found  ASM’s  administrative  and  user  roles  capabilities  to  be  quite 
advanced.  ASM  does  not  rely  on  Active  Directory  so  we  had  to  create 

See  Virtualization,  page  24 


Product 

NSM/ASM 

DynamicOps  VRM 

TotalView  1.2 

System  Center  Virtual 
Machine  Manager 

Vendor 

Computer  Associates 
www.ca.com 
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our  own  roles  and  users  manually  (Although,  it  was  possible  to  use 
Active  Directory  with  security  management  part  of  NSM.)  There  are 
two  default  roles  provided:  admin  (who  can  do  anything)  and  viewer 
(who  can  just  look). 

If  you  don’t  like  the  ones  offered,  you  can  roll  your  own  roles  and  the 
options  are  limitless.  In  each  instance  where  we  built  our  own  custom 
role,  we  were  able  to  specify  exactly  what  roles  were  permitted  to  carry 
out  which  VM  management  tasks  and  have  access  to  which  VMs. 

The  monitoring  and  alerting  functionality  requires  that  a  specific  per¬ 
formance  agent  be  installed  on  the  host  machine  running  VMware’s 
VirtualCenter,  but  there  is  no  additional  agent  needed  for  Hyper-VThe 
setup  is  quite  complicated,  but  once  we  tackled  that  with  the  help  of 
tech  support,  we  could  monitor  many  performance  metrics  such  as  VM 
disk  and  memory  size,  reads  per  second  and  network  connections  per 
second.  We  could  also  configure  how  often  the  information  is  updated 
in  the  CA  GUI. 

We  were  able  to  set  up  a  threshold  for  the  percentage  of  CPU  usage 
and  set  some  actions  (via  a  command-line  programming)  to  be  taken 
should  the  threshold  be  exceeded  for  VMs  running  under  VMware 
VirtualCenter  and  successfully  triggered  the  alarm. 

The  reactive  measures  that  can  be  taken  should  a  threshold  be  broken 
include  running  other  applications,  popping  up  an  alert,  triggering  a 
sound  and  sending  a  notation  to  a  log. 

As  for  Hyper-VVMs,  we  were  able  to  view  some  performance  data  from 
Hyper-V  but  not  all  metrics  (such  as  CPU  or  RAM  usage).  Some  of  the 
ones  we  could  view  included  network  connections  per  second  and  the 
Hyper-V  VM  health  summary 

Security  gets  more  direct  attention  in  NSM/ ASM  than  the  other  prod¬ 
ucts  we  tested,  including  the  aforementioned  definable  user  roles.There 
is  also  a  security  management  component  within  NSM,  even  though  it  is 
not  specifically  targeted  toward  its  virtualization  management  compo¬ 
nents.  With  NSM  security  management,  we  were  able  to  lock  down  parts 
of  NSM.  There  were  different  assets  permission,  asset  groups  and  user 
groups  available  to  create  a  secure  environment.  With  these  assets,  we 
could  control  access  to  the  NSM/ASM  consoles  and  commands  avail¬ 
able  to  them. 

Microsoft  Systems  Center  -  Virtual  Machine  Manager 
(SCVMM)  2008 

The  final  version  of  SCVMM  —  which  began  shipping  in  November  — 
is  much  improved  over  the  beta  code  we  tested  last  fall 
(www.nwdocfinder.com/9522),  but  it  still  has  some  rough  patches  in 
terms  of  integration  with  Microsoft’s  Operations  Manager  (needed  for 
monitoring  and  trending)  and  supporting  non-Windows  VMs. 

SCVMM  now  conveniently  manages  VMware’s  ESX-based  VMs,  but  that 
support  requires  that  VMware’s  own  VirtualCenter  management  applica¬ 
tion  (which  VMware  charges  for)  already  be  in  place  to  perform  much 
of  the  actual  work  when  managing  ESX  VMs.  This  condition  exists  for 
other  products  tested  as  well. 

Hosting  SC  VMM  requires  hardware  resources  that  depend  on  how 
many  hosts  you  plan  to  install.  Each  machine  that  runs  the  SCVMM 
management  console  needs  at  least  a  2GHz  x64  processor,  2GB  of  mem¬ 
ory  and  10GB  of  hard  disk  space. 

Windows  2008  Server  is  required  as  weli.You  also  need  to  deploy  (on 
a  separate  machine  if  you  like)  Microsoft  Operations  Manager  (MOM) 
2007,  a  prerequisite  for  the  Performance  and  Resource  Optimization 
(PRO)  tips  tool  that  handles  monitoring,  alerting  and  trending  tasks.The 
list  of  other  required  Microsoft  piece  parts  includes  Windows  PowerShell 
1.0+,  Windows  Remote  Management, WAIK  1.1  and  IIS  7.0. 

Using  SC  VMM  to  initially  make  a  VM  image  instance  wasn’t  easy  or 
intuitive. 

When  we  tried  to  make  a  new  VM  on  the  VMware  ESX  using  SC 
VMM  we  wanted  to  use  dynamic  disk  VMs,  but  we  could  only  select 


Microsoft’s  Systems  Center  Virtual  Machine  Manager,  while 
technically  able  to  manage  VMware-based  VMs,  still  puts 
its  best  foot  forward  when  managing  the  life-cycle 
Windows-based  VMs. 

fixed-sized  disks. 

Using  its  GUI,  we  tried  to  add  standard  ISO  images  of  operating  systems 
that  would  serve  as  image  sources  in  our  SC  VMM  image  library.  But  it’s 
not  obvious  how  to  do  this,  so  we  manually  copied  and  moved  images 
into  the  required  folder. 

We  wanted  to  use  an  ISO  image  to  initially  install  a  guest  VM  onto 
Hyper-V  We  set  up  the  guest  and  chose  Novell’s  SLES  10.2  (64-bit)  as  the 
operating  system  to  run  on  the  Hyper-V  host. We  chose  the  ISO  image  we 
had  manually  added  to  the  library  We  didn’t  want  to  copy  the  ISO  image 
so  we  chose: ‘Share  image  file  instead  of  copying  it’.  But  this  gave  us  an 
inarticulate  error  message,  telling  us  in  a  roundabout  way  that  the 
machine  requesting  the  image  did  not  have  proper  access  rights. 
Eventually  the  problems  were  solved  with  a  change  in  file/folder  per¬ 
missions.  But  it  was  no  mean  feat  to  get  the  Library  function  to  work. 

When  we  initially  attempted  to  migrate  VMs  between  Hyper-V  hosts  we 
got  an  emor  message  advising  us  of  processor  incompatibility  issues.The 
only  way  to  perform  a  cross-CPU  migration  with  SCVMM  is  to  shut  the 
VM  down,  copy  the  image  file,  then  restart  it  elsewhere.  Why  would  you 
want  to  use  this  function  in  a  shut  down  VM,  when  this  action  is  no  dif¬ 
ferent  than  taking  a  snapshot  and  reloading  it  as  aVM?This  means  addi¬ 
tional  downtime  is  required  to  complete  a  very  simple  and  ostensibly 
common  act  of  migration. 

It  would  have  been  nice  to  move  or  copy  an  ESXVM  to  Hyper-V  or  vice 
versa,  but  that  option  is  not  offered  here.  (None  of  the  other  manage¬ 
ment  tools  can  do  this  either,  though.)  We  were  able  to  clone  ESX  VMs 
onto  the  same  VMware  host  and  complete  an  ESXVM  to  ESXVM  migra¬ 
tion  with  local  storage  or  an  network  file  system  share. 

Using  VMware’s  liveVM  migration  utility  VMotion,  migrations  of  live 
VMware  ESX  to  ESXVM  guests  under  SC-VMM’s  control  worked  quite 
well. 

Whether  the  VMware  VMs  used  Linux  or  Windows,  the  VMs  were  able 
to  successfully  migrate,  although  we  found  the  VM  was  slow  to  connect 
to  the  viewer  subsequently  (and  we  had  to  close  the  VM  viewer  session 
and  open  a  new  one  because  it  was  on  a  different  server). 

SCVMM's  operational  management 

The  first  step  toward  achieving  any  form  of  daily  operational  manage¬ 
ment  is  being  able  to  actually  see  the  various  VM  platforms  on  the  net¬ 
work.  Under  SCVMM,  getting  to  ‘watch’  the  various  VM  hypervisor  screens 
was  possible,  but  the  quality  was  not  great. 

The  SCVMM  VM  viewer  uses  a  separate  window  from  the  main  GUI  (a 
plug-in  is  required  to  see  VMware  VMs).  Unfortunately  the  options  avail¬ 
able  from  within  the  viewer  itself  are  limited.You  can  reconnect  to  host, 

See  Virtualization,  page  26 


24  •  APRIL  13,  2009  •  www.networkworld.com 


It’s  estimated  that  the  world’s  datacenters 
will  produce  more  carbon  in  a  year  than  the 
total  electricity  usage  of  36  million  homes. 

A  greener  planet  needs  smarter  IT. 

Let’s  build  a  smarter  planet. 

ibm.com/efficient 


IBM,  the  IBM  logo  and  ibm.com  are  trademarks  ot  International  Business  Machines  Corporation,  registered  in  many  jurisdictions  worldwide. 
A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  'Copyright  and  trademark  information"  at  www.ibm.com/iegal/copytrade.shtml. 


GLEAR  CHOICE  TEST  VIRTUALIZATION  MANAGEMENT 


Virtualization 

continued  from  page  24 


lined  above.  In  reality  SC  VMM  uses  whatever  security  policies  are  set  up 
in  the  Windows  Active  Directory  domain. 


send  ctrl-alt-delete  commands,  and  use  all  of  the  real  estate  of  the  mon¬ 
itor.  There  are  no  start/stop,  shutdown  or  pause  buttons  available  from 
the  viewer. 

Every  time  we  clicked  inside  to  give  focus  to  the  viewer  while  installing 
a  VM,  it  would  pop  up  with  the  message,  "You  can’t  control  the  mouse 
while  running  a  remote  session  without  virtual  tools  installed."  This  was 
very  annoying  because  when  we  installed  a  SLES  VM  onto  a  Hyper-V 
server,  we  couldn’t  even  use  the  mouse,  and  still  had  trouble  using  the 
VM  afterwards  trying  to  install  the  Hyper-V  Linux  components. 

While  working  with  ESX  machines,  we  could  not  turn  them  off  remote¬ 
ly  as  is  possible  with  ESX  Infrastructure  Client  (like  shutdown,  reboot  or 
enter  maintenance  mode  for  the  physical  machine).  Secondly  we  were 
not  able  to  use  templates  created  in  ESX  within  the  SC  VMM  interface. 
Therefore,  it  is  still  necessary  to  use  VMware’s  client  for  certain  tasks,  and 
we  wondered  why  we  would  use  SCVMM  when  we  had  to  reference 
VMware’s  utilities  anyway 

Besides  the  primary  SC  VMM  administrator  role,  there  are  two  other 
roles  —  a  delegated  administrative  role,  and  a  self-service  user  role. The 
user  and  group  management  scheme  uses  existing  Active  Directory 
roles,  so  there  is  no  need  to  create  new  ones.  We  just  assign  those  users 
VM  management  duties  from  within  the  SCVMM  GUI. We  were  also  able 
to  restrict  the  actions  users  could  perform  on  the  VM  using  self-service 
users  role  establishment.The  available  actions  are  start,  stop,  checkpoint 
(similar  to  the  snapshot  feature  with  other  tools),  remote  desktop  con¬ 
trol,  pause/resume,  shutdown  and  remove. 

You  can  place  deeper  restrictions  on  VMs  if  you  tap  into  the  concept 
of  host  groups.  This  allows  users  to  create  new  VMs,  setting  a  quota  of 
how  many  can  be  created  or  if  users  can  store  them  in  the  library 

As  an  example,  we  created  a  self-service  user  role  that  was  restricted  to 
start  and  stop  privileges  only  on  our  Hyper-V  hosts.Then  we  added  some 
users  to  this  role.  Those  users  could  not  interact  with  the  ESX  servers  at 
all,  were  only  able  to  start  or  stop  Hyper-V  VMs  and  could  not  create  new 
VMs. 

As  for  the  delegated  admin  role,  it  is  quite  similar  to  the  full  adminis¬ 
trator  role  except  that  we  could  specify  a  certain  library  or  host  group  for 
them  to  administer. 

SG  VMM  Incident  Management 

We  had  trouble  configuring  PRO  tips.  Integrating  it  with  MOM  and 
SCVMM  was  unreasonably  difficult.  We  were  able  to  get  PRO  tips  work¬ 
ing  on  a  per-host  basis  and  were  eventually  able  to  get  VMs  to  report 
errors  on  a  per-VM  basis,  but  only  for  Windows  VMs,  not  for  Linux  ones. 

The  alarms  take  quite  a  while  to  show  up  also  in  the  management 
interface.  According  to  a  Microsoft  tech  person,  PRO  tips  works  by  gath¬ 
ering  data  over  a  period  of  time.  Therefore  the  updating  process  could 
take  six  hours  to  a  couple  days.  A  real-time  monitoring  system  for  alarm 
conditions,  this  is  not. 

Instead,  PRO  tips  works  as  a  reasonable  heuristics  system  for  monitor¬ 
ing  VM  conditions  and  making  recommendations  about  how  to  pro¬ 
ceed  based  on  criteria  we  set.  We  can’t  recommend  it  for  larger  installa¬ 
tions, and  certainly  not  for  those  installations  that  have  non-Windows  VM 
guests. 

In  order  for  PRO  tips  to  pull  data  from  specific  VMs  and  their  host  plat¬ 
forms,  you  have  to  install  the  appropriate  agent  software.  These  agents 
are  only  available  for  Windows  environments.  We  had  to  install  agents  on 
each  Hyper-V  host  and  each  individual  VM.  For  the  ESX  platform,  we 
installed  an  agent  on  ESX  Windows  VMs.  Microsoft  does  not  yet  offer  PRO 
tips  agent  software  for  Linux-based  VMs. 

The  reports  are  useful,  but  only  for  trend  analysis  and  audit  purposes, 
as  data  discovery  isn’t  really  trigger-based,  but  rather,  trend-based.  For 
those  looking  for  trend  analysis,  the  PRO  tips  reports  were  the  best  of  the 
products  tested  this  round. 

There  doesn’t  seem  to  be  anything  inherent  in  SCVMM  that  makes  it 
more  secure  other  than  the  role-based  management  capabilities  out- 


DynamicOps  Virtual  Resource  Management  (VRM) 

DynamicOps  describes  its  VRM  tool  as  a  "unified  approach  to  manag¬ 
ing  both  server  and  desktop  virtualization"  regardless  of  the  hypervisor 
platform. 

But  we  found  that  VRM  is  more  of  a  provisioning  tool  for  deploying  and 
controlling  access  to  VMs,  and  is  less  effective  when  it  comes  to  the  sub¬ 
sequent  management  of  the  successfully  installed  VMs. 

Also,  not  all  hypervisors  are  equal  in  terms  of  VRM’s  ability  to  control 
and  manipulate  VMs  running  on  top  of  them .VMware-based  VMs  are  def¬ 
initely  more  malleable  under  VRM’s  control  than  instances  running  atop 
Hyper-V  and  XenServer. 

Generally  there  were  more  manual  steps  to  use  the  DynamicOps  tools 
to  control  nonVMware-groundedVMs. 

DynamicOps  VRM  (we  mainly  tested  Version  3.1.0  except  for  when  the 
company  supplied  3.1.1  to  address  issues  we  had  with  Windows  2008 
Server  support  of  Windows  Imaging  Format  [WIM]  imaging  needed  to 
support  Hyper-V)  must  be  installed  on  a  32-bit  version  of  Windows 
Server  2003  R2.We  were  able  to  install  it  inside  an  appropriate  Windows 
2003R2  VM  without  issue.The  program  needs  access  to  at  least  two  CPUs, 
2GB  of  RAM  and  40GB  of  disk  space. 

It  also  needs  a  database.  We  tested  it  with  SQL  Server  Express  2005,  but 
it  also  works  with  SQL  Server  2005.  Microsoft  .Net  3.5  and  Microsoft  IIS 
6.0  with  ASPNET  are  also  required. 

The  supported  virtual  environments  are  XenServer  5  or  later, VMware 
ESX  2.5  or  later  with  VirtualCenter  2  or  later  included,  and  Hyper-V  1 .0.  It 
was  necessary  to  install  proxy  agents  for  each  kind  of  virtual  environ¬ 
ment  that  we  had  deployed  in  the  test  bed. 

The  default  installation  was  not  complicated.  Configuring  the  product 
did  require  a  careful  reading  of  the  manual.  But  the  upgrade  to  Version 
3.1.1  was  an  error-ridden  process.  For  example, some  user-based  data  did 
not  correctly  transfer  during  the  upgrade.  We  had  to  add  those  manually 
to  the  database.  A  DynamicOps  spokesperson  said  these  database  prob¬ 
lems  we  incurred  ought  to  be  fixed  by  the  time  you  read  this. 

In  our  initial  test  with  VMware  ESX,  we  had  to  enter  information  for 
many  different  configuration  settings  such  as  blueprints,  provisioning 
groups,  cost  profiles  and  VM  name  prefixes  before  we  were  able  to  add 
our  VirtualCenter  information  and  import  our  guests  into  the  VRM  con- 
sole.Then,we  were  able  to  start  and  stop  the  machines  that  were  import¬ 
ed  by  using  the  VRM  Infrastructure  Organizer  tool. 

When  we  tested  VRM  with  XenServer,  we  had  to  add  XenServer  infor- 
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DynamicOps  uses  the  concept  of  building  blueprints  for  its 
VM  library.  All  new  VMs  are  subsequently  provisioned 
pretty  well  from  within  that  library,  but  ongoing  manage¬ 
ment  of  them  is  still  a  work  in  progress. 
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mation  manually  first  adding  the  host  in  the  hosts  category  then  creating 
a  reservation  to  make  sure  there  is  enough  storage  and  CPU,  then  assign¬ 
ing  the  reservation  to  the  host.  After  that,  we  could  finally  add  a  VM  by 
entering  in  the  details  about  each  VM. 

This  process  could  become  very  tedious  if  you  had  many  Xen-based 
VMs.A  rudimentary  discovery  process  in  the  application  would  grease 
this  application  mightily.  DynamicOps  representatives  said  the 
Infrastructure  Organizer  should  be  able  to  handle  XenServer  and  Hyper- 
V  environments  in  the  next  major  release  (3.2)  of  VRM. 

Creating  VMs  from  scratch  from  within  the  VRM  infrastructure  is  not 
possible.  It’s  only  possible  to  copy  an  existing  blueprint,  which  are  forms 
we  filled  in  with  various  desired  settings  after  which  we  could  provision 
VMs.  The  requested  VMs  were  created  in  the  same  storage  location  that 
was  set  in  the  reservation. 

We  had  some  VMs  on  local  storage  and  some  on  shared  storage.  When 
the  blueprints  were  used  to  create  a  new  VM,  that  VM  was  created  in  the 
same  location  (either  local  or  shared  folders).  We  were  able  to  set  para¬ 
meters  within  the  blueprint  regarding  whether  the  VM  needed  permis¬ 
sion  to  clone  itself.  And  depending  on  the  user  group  that  we  had 
defined,  our  user  role  allowed  us  to  get  specific  blueprints,  where  we 
were  allowed  to  get  them.  Then  a  group  leader  (or  VRM  administrator) 
had  to  approve  our  request  to  provision  a  new  VM.The  approval  process 
is  a  good  security  measure  that  we  did  not  see  in  other  products. 

The  blueprint  process  gives  fine  control  for  replicating  VM  templates, 
but  is  a  tedious  process.You  can  create  blueprints  for  all  kinds  ofVMs  on 
all  hypervisor  platforms.  But  creating  blueprints  requires  carefully  going 
through  the  documentation  to  make  sure  each  setting  was  correct  for 
the  desired  VM  on  the  desired  platform.  Generally  the  data  entered  in 
our  test  was  similar  but  some  fields  were  required  for  VMware  that 
weren’t  required  for  others.  So  when  we  wanted  to  create  a  blueprint  for 
Windows  2008  Server,  we  needed  to  create  three  blueprints  —  one  for 
each  environment. 

Setting  up  the  blueprint  to  clone  a  VM  was  pretty  difficult  because  the 
documentation  was  not  clear  and  every  setting  had  to  be  entered  man¬ 
ually  VMware  VirtualCenter  has  specific  clone-time  attributes  needed  to 
be  set  within  the  blueprint.  For  example,  the  setting 
" VMware. VirtualCenter. OperatingSystem"  was  the  one  that  gave  us  the 
most  trouble.  If  DynamicOps  had  this  information  in  the  docs  or  a  link 
to  a  list  of  values  that  go  here,  the  process  would  have  been  simpler. 

DynamicOps  recommends  using  WIM  for  all  cloning  purposes.  WIM  is 
a  file-based  disk  image  format  that  can  be  used  to  deploy  Windows- 
based  machines  or  in  this  case  VMs.  But  this  way  of  cloning  only  works 
with  Windows-based  VMs  and  it  does  not  work  with  Windows  2008  x64 
at  this  moment.  We  could  only  import  Linux  VMs  or  clone  them  via  the 
VMware  clone  method. 

DynamicOps  implementation  of  WIM  Imaging  was  error-prone  and  the 
documentation  was  unclear,  quirky  and  sometimes  wrong  on  how  to 
properly  use  the  product.  For  example,  when  creating  the  WIM  image  for 
Windows  2008,  which  should  be  a  relatively  simple  process,  we  had  to 
create  an  unattend.xml  file  to  be  read  by  Sysprep  (a  Microsoft  com¬ 
mand  that  prepares  a  system  for  virtualization  from  physical  to  virtual 
conversion)  to  configure  certain  items  like  license  keys  and  admin  pass¬ 
words.  The  manual  also  described  a  number  of  laborious  WIM  imaging 
choices,  which  could  have  easily  been  re-made  into  templates. 

Seeing  as  you  can  create  both  Windows  and  Linux  VM  clones  using 
VirtualCenter  alone,  we  don’t  see  the  benefit  of  jumping  through  the 
WIM  Imaging  hoops. 

When  we  created  provisioning  groups  —  where  you  establish  which 
users  play  which  roles  and  belong  to  which  groups  —  we  also  set  up 
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resources  for  each  group. 

You  can  import  your  existing  VMs  from  VMware  only  VRM  seems  to  be 
mostly  for  setting  up  your  environment.  Even  when  we  imported  the 
machines,  we  couldn’t  copy  them  or  really  do  anything  with  them.  We 
still  had  to  create  separate  templates,  blueprints,  WIM  images  and  other 
setup-related  duties  in  order  to  do  anything.  Linux  support  is  almost  non¬ 
existent  except  for  VirtualCenter  cloning,  while  other  operating  systems 
are  completely  left  out.There  is  no  moving  or  migrating  VM  functionali¬ 
ty  at  all. 

Operational  management 

User  administrative  roles  are  highly  evolved. There  are  four  basic  roles 
for  each  provisioning  group:  administrator,  user,  group  manager  and  sup¬ 
port  personnel  roles.  VRM  uses  Active  Directory  for  users’  credential  for 
authentication  and  authorization  purposes  so  that  users  can  get  appro¬ 
priate  access  to  the  VRM  Web  console.  Each  user  role  allows  those  users 
to  undertake  certain  administratively  defined  roles.  The  enterprise 
administrator  for  VRM  can  assign  users  to  each  role. 

VM  instance  control  was  comparatively  weak  across  platforms.  The 
only  commands  available  to  use  with  the  VM  are  start  and  stop  via  the 
VRM  Web  console.  And  stop  doesn’t  shut  down  the  machine  complete¬ 
ly  it  just  turns  it  off,  like  pushing  the  power  button  when  something  is  run¬ 
ning.  Other  management  applications  tested  know  how  to  trigger  an 
orderly  guest  shutdown. 

Also,  if  you  don’t  use  the  VRM  interface  to  turn  on  or  turn  off  the  VMs, 
it  doesn’t  seem  to  recognize  any  state  change.  Other  options  such  as 
changing  the  memory  amount  of  allocated  CPUs  or  other  setup  options 
forVM  guests  are  not  available  and  must  be  done  within  the  native  man¬ 
agement  environment.  Although,  there  is  a  connect-via-RDP  option  avail¬ 
able,  we  were  unable  to  get  this  process  to  work  properly 

VRM  lacks  alarms  and  event  triggers,  but  there  were  logs  and  reports 
we  could  view.  The  views  included  capacity  usage,  inventory  top  10 
resources,  VM  status  and  audit  logs.  We  could  filter  by  different  criteria 
such  as  host,  user  and  machine  name.  Some  of  the  views  included  nice 
graphs  that  were  useful  to  get  a  quick  idea  about  what  is  going  on. 

Besides  strong  user  roles  and  tying  those  to  Active  Directory  there  was 
not  anything  in  particular  that  made  the  virtualized  environments  more 
or  less  secure  using  VRM. 

Insystek  TotalView 

Insystek  TotalView  is  designed  to  be  a  comprehensive  environmental 
management  tool  for  physical  and  virtual  infrastructure.  For  the  purpos¬ 
es  of  this  test,  it  supports  XenServer  and  VMware  ESX  and  VirtualCenter 
and  a  few  older  virtualization  environments  not  included  in  our  test 
bed,  but  it  does  not  support  Hyper-V  yet. 

Insystek’s  VMware  control  is  decidedly  more  effective  than  its  control 
over  XenServer.  We  started  out  testing  TotalView  1.1,  but  an  upgrade  to 
1.2  arrived  during  the  middle  of  testing,  so  we  upgraded  to  it. 

While  it  was  quite  buggy  and  crashed  when  performing  certain  tasks, 
TotalView  does  provide  quite  a  bit  of  detailed  —  but  mostly  static  — 
information  about  the  virtual  machines  on  VMs  running  atop  of  our 
XenServer  and  VMware  ESX  hosting  platforms.The  product  does  not  do 
a  good  job  of  refreshing  the  information  it  initially  finds.  That  said,  the 
user  interface  is  a  mess,  as  switching  between  different  —  but  necessary 
—  areas  of  the  GUI  proved  to  be  very  painful. 

TotalView  has  a  Windows-based  GUI  that  Insystek  recommends  should 
be  run  in  an  application  hosting  environment  using  Windows  XP  SP2 
and  SQL  Express  2005.  Also  supported,  but  not  tested  —  hosting  envi¬ 
ronments  include  Microsoft  Windows  2000  with  SP4  and  Windows  2003 
Server.  Other  supported  databases  include  MS  MSDE  and  MS  SQLServer. 

Installation  was  more  difficult  than  it  needs  to  be,  and  we  had  to  man¬ 
ually  select  the  SQL  Server  Express  Edition  to  make  things  work,  a 
process  exacerbated  by  a  strange  licensing  dysfunction  and  indeci¬ 
pherable  error  messages. 

With  TotalView  1.2  deployed  in  the  test  bed  (Version  1.1  was  wrought 
with  installation  issues  pertaining  to  managing  XenServer  VMs  so  we 
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Insystek  TotalView  attempts  to  manage  cross-platform  VM 
host  and  guest  life  cycles,  but  didn’t  fare  well  in  our  test¬ 
ing,  as  the  implementation  was  marred  by  stability  issues. 
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had  to  upgrade)  we  could  complete  all  VM  operational  basics  such  as 
starting  and  stopping  XenServer  machines  and  cloning  and  uninstalling 
VMs.  However,  attempting  to  suspend  VM  operation  repeatedly  yielded 
the  same  opaque  error  message:  Failure  SR_HAS_NO_PBDS. 

We  switched  to  testing  how  TotalView  could  manage  VMware’s  ESX 
machines.TotalView  can  manage  VMware  ESX-based  VM  whether  or  not 
VMware’s  VirtualCenter  application  is  present.  After  successfully  adding 
an  ESX  host  to  the  management  system,  we  attempted  to  create  a  new 
VM  on  that  host  using  the  TotalView  interface  and  all  methods  available 
to  us. 

There  were  two  ways  to  install  a  VM  using  TotalView,  one  was  a  typical 
install  that  uses  default  settings  after  selecting  the  operating  type,  and  the 
other  was  a  custom  install  in  which  we  could  choose  more  detailed 
options.  We  were  able  to  successfully  create  a  VM  (SLES  10.2)  using  a 
typical  install  with  Local  Storage  and  it  refreshed  correctly  with 
TotalView.  But  while  we  were  editing  or  changing  properties,  we  noticed 
that  TotalView  doesn’t  refresh  very  well.  It  really  should  refresh  more 
often  because  it’s  not  very  useful  to  monitor  VMs  if  you  have  to  manual¬ 
ly  refresh  the  display  all  the  time. 

When  we  tried  installing  from  a  shared  DVD  ISO  image,  we  had  to  copy 
it  to  our  TotalView  machine.  We  couldn’t  install  VMware  Tools  for  SLES 
(the  driver  tools  that  connect  the  hypervisor  and  the  guest  operating  sys¬ 
tem  together)  as  we  got  a  general  system  error. 

We  next  tried  a  custom  VMware  client  install  using  NFS  storage  for 
Windows  2008  server.  After  creating  a  custom-based  VM,  TotalView 
crashed  and  would  not  restart  and  the  database  was  corrupted.  We  had 
to  re-install  again  because  it  gave  the  same  error  every  time  we  started  up. 

Our  final  creation  test  worked  OK,  with  no  crashing  after  refreshing. We 
installed  Windows  2008  Server  on  this  VM.  TotalView  indicated  the  ere 
ation  was  successful,  but  the  newVM  wouldn’t  show  up  in  the  TotalView 
GUI.  When  we  refreshed  the  view,  TotalView  indicated  that  an  "unhan¬ 
dled  exception  occurred  in  your  application"  but  we  could  hit  the  con¬ 
tinue  button  and  ignore  the  error.These  errors  seemed  to  happen  all  too 
frequently 

We  could  verify  the  VM’s  existence,  but  had  to  do  so  using  VMware’s 
Virtual  Infrastructure  Client  view  (the  front  end  to  VMware’s 
VirtualCenter  management  server),  but  it  oddly  did  not  have  the  same 
settings  that  we  chose  upon  creating  it  with  the  TotalView  tool. 

We  reinstalled  the  software,  which  seemed  to  help  matters,  and  after 


adding  the  ESX  VirtualCenter  host  to  the  TotalView  system,  we  could 
successfully  execute  commands  such  as  clone,  stop  and  start  although 
other  commands  such  as  migrate  and  clone-to-template  were  grayed  out 
in  the  application  and  therefore  unusable. 

After  creating  VMs,  we  weren’t  allowed  to  migrate  them  as  that  option 
was  grayed  out  in  the  options  box.  We  could  do  this  manually  —  out¬ 
side  of  TotalView,  with  VMware’s  tools  on  VMware  and  using  Citrix 
XenServer  tools. 

When  we  tried  to  snapshot  a  VM  with  TotalView,  it  seemed  like  it  took 
the  snapshot  (we  used  the  VMware  Infrastructure  client  to  verify  that), 
but  reverted  back  to  the  snapshot  that  was  taken,  then  showed  only  a 
black  screen  and  did  nothing  else. TotalView  snapshots  did  not  include 
the  option  to  save  the  VM’s  memory  contents  (an  option  that  in 
VMware’s  client  is  checked  by  default),  therefore  if  you  take  a  snapshot 
of  a  live  VM  and  then  revert  while  the  VM  is  on,  corruption  could  hap¬ 
pen,  as  we  indeed  witnessed. 

To  set  up  TotalView  for  day-to-day  VM  management  of  environments, 
we  had  to  connect  our  virtual  environments  to  the  TotalView  interface. 
For  each  environment,  (XenServer,  VirtualCenter  or  plain-old  ESX  serv¬ 
er),  we  had  to  enter  our  credentials.  After  that, TotalView  imported  all  our 
VMs  into  its  GUI  and  listed  them  for  us.Then  we  were  somewhat  able  to 
manipulate  and  control  the  hosts. 

Our  beef  here  is  that  there  is  no  real-time  data  collection  of  what’s  hap¬ 
pening  in  the  VM  farm.  There  are  only  snapshots  of  a  single  state  rather 
than  continuous  monitoring  or  graphing  of  real-time  data. 

We  also  need  to  point  out  that  refreshing  the  GUI  screen  did  always 
update  the  display  after  we  had  changed  settings  or  performed  a  man¬ 
agement  task.  For  example,  after  changing  the  number  of  vCPUs  allocat¬ 
ed  to  a  particular  VM,  the  view  showed  the  previous  allocation  until  we 
closed  the  tab  and  re-opened  it  again. 

User  role  management  was  lacking  in  comparison  with  the  other  prod¬ 
ucts  tested. There  were  different  user  profiles  available  to  us,  but  no  way 
to  restrict  what  users  could  really  do  in  terms  of  access  and  manipulat¬ 
ing  the  managed  VMs.  We  could  only  select  the  administrator  role,  which 
gives  a  user  full  rights  to  manage  all  machines  in  the  virtual  environ¬ 
ments  and  use  all  administration  settings  (such  as  scheduling,  creating 
new  policies  for  alerts,  adding  new  users  or  other  admin  tasks)  or  non¬ 
administrator  roles  (people  who  can  manage  the  VMs  but  can’t  set  any 
administration  settings). 

Each  profile  was  considered  a  brand-new  one,  and  therefore,  we  had 
to  manually  add  the  virtual  environments  again  to  each  profile,  which  is 
a  time-consuming  process  as  each  virtual  environment  can  be  password 
protected. 

There  are  several  options  for  setting  policies  that  would  trigger  alarms 
—  if  they  would  work  properly  they  would  be  of  more  use.  For  example 
we  tried  created  a  policy  using  TotalView  to  watch  VMs  should  CPU 
usage  exceed  a  certain  threshold  on  VMware  machines,  as  there  were 
not  any  metrics  for  XenServer  available  that  went  above  a  certain  level. 

We  also  attempted  to  apply  a  policy  for  network  usage.  We  walked 
through  the  steps  of  selecting  and  applying  the  new  policy  and  when  we 
tried  to  view  the  status  of  the  policy  the  application  crashed. 

TotalView  neither  adds  nor  detracts  from  VM  instance  orVM  farm  secu¬ 
rity  in  anyway 

Conclusions 

If  conserving  VM  sprawl  was  the  marching  order,  the  most  important 
component  of  the  tests  was  how  each  product  maintained  control  over 
VM  instances  and  the  seemingly  inevitable  changes  that  VM  instances 
go  through  in  their  life  cycle. 

We  believe  that  running  parallel,  platform-specific  management  tools 
would  cause  the  least  amount  of  administrative  pain  at  this  juncture.  But 
if  you  need  to  get  some  form  of  cross-platform  VM  management  wares 
up  and  running  immediately  then  CAs  NSM/ASM  is  the  best  option  we 
tested. 

Henderson  and  Allen  are  researchers  for  ExtremeLabs  in  Indianapolis. 
Contact  them  at  kitchen-sink@extremelabs.com. 
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Twitter 
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tion  and  those  who  control  its  distribution. 

The  General  Services  Administration’s  top 
management  “has  been  very  supportive”  of  the 
agency’s  social  media  efforts,  says  B.  Leilani 
Martinez,  bilingual  content  manager  with  GSAs 
www'. gobiernousa. gov.  “That  has  helped  us  a 
lot.  Across  government,  the  reaction  from  top 
management  has  been  quite  inconsistent.  Cer¬ 
tain  government  agencies  block  employees 
from  using  some  of  these  tools.  For  me,  I  was  on 
Facebook  every  day  from  work  and  on  Twitter. 
GSA  allowed  us  to  think  outside  the  box.” 

Similarly  when  the  U.S.  Strategic  Command 
launched  its  SKY  Web  blog  in  2005,  it  was  the 
command’s  leader,  Gen.  James  Cartright,  who 
pushed  the  idea  forward,  Mihelcic  says.  And  it 
was  Transportation  Security  Administration 
(TSA)  head  Kip  Hawley  who  encouraged  the 
agency  to  create  an  internal  Web  2.0  collabo¬ 
ration  environment  called  The  Idea  Factory 
and  a  public-facing  Evolution  of  Security  Blog. 

3  Start  small  and  grow  your  social 
media  efforts  gradually. 

I  GSA  has  embraced  social  media 
sites  one  at  a  time  over  the  last  year.  First  the 
agency  began  its  www.govgab.gov  blog.Then  it 
began  using  Twitter.  Now  it  has  a  pilot  project 
with  Facebook.  “For  certain  people  [social 
media]  is  a  big  surprise.  But  we’ve  been  prepar¬ 
ing  for  it.... People  are  more  open  to  it  than 
they  were  two  years  ago  or  even  one  year  ago,” 
Martinez  says. 

Similarly  NASA  started  using  YouTube,  then 
Facebook  and  now  Twitter,  says  Robert  Jacobs, 
Acting  Assistant  Administrator  for  NASAs 
Office  of  Public  Affairs.  “We  stuck  our  toes  in 
the  water  with  YouTube,”  Jacobs  says.“Then  we 
created  some  sites  [on  Facebook],  When 
Twitter  came  up,  it  seemed  like  a  good  place 
for  us  to  create  a  conversation.” 


4  Keep  it  simple. 

Don’t  try  to  add  too  many  social 
I  media  tools  all  at  once,  advises  Chris 
Rasmussen,  an  intelligence  official  responsible 
for  Intellipedia,  a  wiki  used  by  the  National 
Security  Agency,  the  Central  Intelligence 
Agency  and  the  military  Rasmussen  says  the 
intelligence  community  has  too  many  Web  2.0 
tools,  including  blogging,  social  bookmarking, 
video  sharing,  photo  sharing,  document  stor¬ 
age,  desktop  conferencing,  chat  and  a 
Facebook-type  application.  The  problem,  he 
says,  is  that  analysts  are  using  these  tools  and 
then  doing  their  work  over  again  using  more 
traditional  methods.“Take  two  things,  and  focus 
on  the  two,”  he  advises. 

Make  sure  the  data  on  social  media 
applications  is  relevant. 

I  Don’t  put  data  out  there  for  data’s 
sake,  recommends  Adelaide  O’Brien,  research 
manager  for  IDC’s  Government  Insights.  Pro¬ 
vide  data  to  citizens  that  they  can  “use  to  solve 


their  own  problems,  become  better  educated 
and  let  them  comment  back.” 

You  also  need  to  understand  the  quality  of 
the  data  being  shared  on  internal  social  media 
applications.  “If  we’re  going  to  make  a  decision 
of  the  deployment  of  U.S.  forces,  we  need  to 
know  what  that  information  is  based  on  and 
that  it  has  a  reasonable  pedigree.  That  it’s 
authoritative.  How  do  we  indicate  a  piece  of 
information  is  known  to  be  true?  How  do  we 
differentiate  it  from  all  the  other  information 
that’s  out  there?  One  of  the  ways  we’re  looking 
to  do  that  is  with  a  ranking  system,”  DISAs 
Mihelcic  says. 

Set  aside  enough  resources  for 
social  media  efforts.  These  channels 
13  require  ongoing  monitoring  and 
constant  enhancement. 

Intellipedia  has  more  than  20  moderators  — 
dubbed  gardeners  —  who  watch  wiki 
changes,  clean  up  errors  and  keep  conversa¬ 
tions  focused  on  the  topic.  NASA  has  a  staff  of 
10  public  affairs  officials  contributing  to  its 
main  Twitter  stream.  TSA  has  five  bloggers  for 
its  Evolution  of  Security  Blog. 

Another  resource  issue:  storage.  “If  you  need 
to  keep  the  data  forever  and  you  need  to  keep 
it  accessible  forever... the  requirements  for 
archival  are  going  to  grow?  Mihelcic  says, 
adding  that  he  sees  promise  in  cloud-based 
storage  services  for  Web  2.0  information. 

7  Set  expectations  on  the  frequency  of 
your  updates  and  how  fast  you  can 
■  respond  to  comments. 

Be  careful  about  the  expectations  you  set 
with  the  public  in  terms  of  how  often  you  are 
going  to  blog  or  how  quickly  you  are  going  to 
respond  to  comments.  “If  you  start  a  blog  as  a 
leader  in  government,  and  you  accept  com¬ 
ments,  and  people  suggest  things  to  do,  the 
issue  is:  What  are  you  going  to  do  with  that 
information?”  Trudeau  asks.  “You’re  setting  an 
expectation  that  you’re  going  to  take  some 
action  based  on  the  suggestions  you  receive.”  It 
helps  to  integrate  new  media  into  employees’ 
existing  workflow.  At  NASA,  for  example,  public 
affairs  officials  send  out  daily  tweets. 


8  Don’t  be  afraid  to  replace  a  legacy 
media  process  with  a  new  social 
I  media  process. 

One  of  the  biggest  problems  with  social 
media  tools  is  that  they  get  added  on  top  of 
employees’  workloads  without  older  processes 
being  stopped.  “The  [Web  2.0]  tools  are  great, 
but  then  they  are  actually  kind  of  viewed  as 
lesser  than  real  work  because  my  kids  use 
them. They  have  funny  names.  Serious  work  is 
done  in  e-mail  and  proprietary  databases,” 
Rasmussen  says.  That’s  why  intelligence  ana¬ 
lysts  are  writing  the  same  reports  twice:  once 
on  Intellipedia  and  again  on  a  legacy  agency- 
specific  system. 

9  Establish  metrics  to  measure 

whether  your  new  media  approach- 
I  es  are  working. 

Trudeau  says  most  social  networking 
applications  follow  the  90/1  rule,  with  1%  of 
the  people  accounting  for  the  vast  majority 
of  contributions.  Another  9%  contribute 
occasionally,  and  the  other  90%  are  only 
reading  the  exchanges. “The  90/1  rule  is  OK. 
If  you  have  43,000  users,  and  1%  are  con¬ 
tributing  ideas,  that’s  still  a  lot  of  new  ideas,” 
Trudeau  says. 

Jacobs  says  the  best  measure  of  Twitter’s 
effectiveness  is  the  degree  to  which  informa¬ 
tion  is  re-tweeted  and  shared  across  the  micro¬ 
blogging  site. 

Don’t  forget  security. 

“You  need  to  focus  on  secu¬ 
rity  up  front,”  DISAs  Mihelcic 
says.  “If  you’re  going  to  lever¬ 
age  a  new  media  wiki,  you  need  to  under¬ 
stand  what  are  the  risks  that  are  implied  by 
that  deployment  and  how  can  you  manage 
those  risks.”  He  says  you  need  to  understand 
the  operating  system,  the  disaster-recovery 
requirements  and  the  scaling  requirements 
when  considering  security.  Most  of  the 
Department  of  Defense’s  Web  2.0  applica¬ 
tions  run  on  internal  networks  that  use  pub¬ 
lic-key  infrastructure  (PKI)  certificates  to  ver¬ 
ify  users.  ■ 
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The  Internet  Kill  Switch 


Mark  Gibbs 


"To  retain  respect  for  sausages  and  laws,  one 
must  not  watch  them  in  the  making. ” 

—  Otto  von  Bismarck 
A  bill  currently  in  draft,  which  is  sponsored  by 
Sen.  John  Rockefeller  (D-WVa.),  chairman  of 
BACKSPIN  the  Senate  Committee  on  Commerce,  Science, 
and  Transportation,  and  Sen.  Olympia  Snowe 
(R-Maine),  is  a  great  example  of  how  watching 
political  sausage  making  will  cause  you  to  lose 
all  respect  for  those  cranking  the  handle. 

Hie  nascent  bill  proposes  that  the  president  be  given  what  will  be,  in 
effect,  the  power  to  shut  down  the  Internet. 

This  bill  is  a  working  draft,  so  to  some  greater  or  lesser  extent  it  is  “fly¬ 
ing  a  kite”.  It  has  a  lot  more  hurdles  and  scrutiny  to  face  before  it  gets 
near  to  becoming  law. That  said,  the  fact  that  anyone  would  put  for¬ 
ward  such  a  bill  is  just  marginally  this  side  of  insane. 

Here’s  the  really  contentious  things  the  bill  proposes:  In  Section  18, 
(4)  it  says  the  president  “may  declare  a  cybersecurity  emergency  and 
order  the  limitation  or  shutdown  of  Internet  traffic  to  and  from  any 
compromised  Federal  government  or  United  States  critical  infrastruc¬ 
ture  information  system  or  network”.  Section  18,(6)  adds,  the  president 
“may  order  the  disconnection  of  any  Federal  government  or  United 
States  critical  infrastructure  information  systems  or  networks  in  the  in¬ 
terest  of  national  security”. 

In  other  words,  the  bill  gives  the  president  an  Internet  Kill  Switch  to 
go  along  with  his  Nuclear-Destroy-the-World  Button. 

To  say  that  the  Internet  Kill  Switch  is  a  bad  idea  is  only  scratching  the 
surface  of  how  wrongheaded  the  proposal  is. The  more  rabid  right 
wingers  out  there  might  argue  that  the  idea  is  rational  because  pre¬ 
venting  the  enemy  from  communicating  and  protecting  our  vulnerabil¬ 


ities  are  two  keys  to  self  defense. That  argument  is,  as  a  famous  philoso¬ 
pher  once  said, “a  load  of  dingoes  kidneys.” 

First,  we  have  to  ask  if  an  Internet  Kill  Switch  is  even  possible. The  In¬ 
ternet  is  the  biggest  distributed  communications  system  mankind  has 
ever  created,  and  to  misquote  John  Gilmore’s  famous  assertion: “The 
’Net  interprets  control  as  damage  and  routes  around  it.”The  ’Net  is  too 
big  and  too  complex  to  be  shut  down  in  any  meaningful  way  even  if 
the  extent  of  the  disconnection  was  limited  to  federal  connections. 

And  there  in  lies  the  second  concern:  We  have  to  be  wary  of  what 
constitutes  “critical  infrastructure”.  Would  this  just  be  limited  to  govern¬ 
mental  Internet  connections,  or  would  it  extend,  as  Rockefeller  has  sug¬ 
gested,  to  online  services  “of  interest”  to  the  government  such  as  private 
sector  infrastructure  that  could  include  banking,  utilities,  air/rail/auto 
traffic  control  and  telecommunications?  If  the  latter  was  the  case  sure¬ 
ly  this  would  require  an  unheard  of  level  of  federal  oversight,  huge  ex¬ 
pense  for  both  the  government  and  business,  and  mandated  standards 
beyond  the  wildest  dreams  of  any  hardcore  bureaucrat. 

Third,  we  have  to  consider  whether  an  Internet  Kill  Switch  is  actually 
necessary  We  haven’t  given  the  president  the  authority  to  shut  down 
the  telephone  and  cell  phone  systems,  so  why  single  out  the  Internet? 

If  this  bill  is  serious  then  it  needs  to  address  the  bigger  communica¬ 
tions  picture.  And  that  can’t  be  done. 

Finally  we  have  to  consider  what  giving  the  government  such  authori¬ 
ty  would  really  mean.  For  example,  we  know  from  experience  that  you 
give  the  feds  an  inch  and  they’ll  put  you  under  surveillance. 

This  bill  needs  to  die  a  quiet  death.You  don’t  want  to  see  this  particu¬ 
lar  sausage  even  contemplated,  let  alone  made. 

Gibbs  has  yet  to  make  sausages  in  Ventura,  Calif.  Your  recipes  to  back 
spin@gibbs.com. 


Workplace  surfing  hounds  have  new  hero 


Surfing  the  Internet  for  fun  while  at  work 
actually  increases  employee  productivity 
insists  Dr.  Brent  Coker,  a  researcher  at  the 
University  of  Melbourne’s  Department  of 
Management  and  Shirking. 

The  press  release  touting  this  new  research 
was  dated  April  2,  so  I  am  presuming  that  it  was 
presented  in  good  faith. 

“People  who  do  surf  the  Internet  for  fun  at 
work  —  within  a  reasonable  limit  of  less  than 
20%  of  their  total  time  in  the  office  —  are  more  productive  by  about 
9%  than  those  who  don’t,”  he  says.“Firms  spend  millions  on  software 
to  block  their  employees  from  watching  videos  on  YouTube,  using 
social  networking  sites  like  Facebook  or  shopping  online  under  the 
pretense  that  it  costs  millions  in  lost  productivity,  however  that’s  not 
always  the  case.” 

Coker  even  has  a  catchy  acronym  for  the  behavior  he’s  championing: 
WILB,  which  stands  for  “workplace  Internet  leisure  browsing.” 

Try  this  one  next  time  a  supervisor  gives  you  the  stink-eye  for  having 
YouTube  open  on  your  desk: “Back-off,  boss,  I’m  WILBing  here  . . .  and 
it’s  good  for  the  bottom  line.” 

Coker’s  conclusions  were  based  on  a  survey  of  300  workers,  70%  of 
whom  were  dedicated  enough  to  their  jobs  and  their  employers  to  surf 
the  Internet  for  fun  while  on  the  company  dime. The  gist  of  his  theory 
is  that  employees  “need  to  zone  out  for  a  bit”  in  order  to  maximize 
their  effectiveness. 

In  all  seriousness,  there’s  little  reason  to  doubt  the  general  point:  Pro¬ 
ductive  workers  need  periodic  breaks,  both  physical  and  mental,  or  at 
least  that’s  what  I  tell  myself  every  time  1  point  my  browser  at  The 
Onion  or  take  a  stroll  into  the  staff  lounge. 

However,  if  that’s  such  an  article  of  faith,  what  about  that  30%  of  work¬ 


ers  who  admit  they’re  cheating  the  company  by  not  taking  their  thera¬ 
peutic  surfing  breaks?  Not  only  are  they  not  being  team  players,  it 
seems  to  me  they’re  taking  a  huge  risk  of  being  labeled  unproductive 
in  this  down  economy 

Perhaps  the  answer  for  these  laggards  should  be  mandatory  surfing 
breaks?  I  think  I’m  on  to  something  here. 

Online  brokerage:  “We  re  not  stupid,  we're  screw-ups" 

Every  year  someone  goes  careening  over  the  metaphoric  cliff  that 
April  Fool’s  Day  can  be  for  a  prankster  without  proper  judgment. 

Even  so,  Internet  stock-trading  house  Zecco  wants  the  world  to  know 
that  it  couldn’t  possibly  have  been  stupid  enough  to  concoct  an  April 
Fool’s  Day  prank  that  had  customers  seeing  fantastical  seven-figure 
account  balances,  and,  believing  themselves  to  be  just  playing  along, 
trading  as  though  the  new-found  fortunes  were  real. 

They  were  not  real,  of  course  —  there  were  technical  problems  — 
although  losses  and  fees  accrued  through  those  accounts  turned  out 
to  be  more  problematic. 

After  a  story  on  the  Consumerist  Web  site  flagged  the  train  wreck  as 
an  ill-advised  April  Fool’s  joke,  Zecco  was  forced  to  set  the  record 
straight:“We  did  not  perpetrate  an  April  Fool’s  Joke  on  our  customers 
...  In  no  way  (were  we)  trying  to  be  funny  regarding  such  a  sensitive 
matter  as  your  buying  power  or  account  balance.” 

So  let  that  be  a  lesson:  Don’t  screw  up  on  April  Fool’s  Day. 

Incidentally  this  little  kerfuffle  had  escaped  my  attention  altogether  at 
the  time  because  I  spent  a  good  deal  of  April  Fool’s  Day  morning  stuck 
in  an  elevator.  Really  it’s  on  the  Internet  and  everything  —  www.nwdoc 
finder.com/9533  —  so  you  know  it  must  be  true. 

Comments,  questions  or  a  favorite  WILB  site?  The  address  is 
buzz@nww.com. 
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Give  your  company  the  flexibility  to 
adapt  to  any  business  environment. 


Converged  Solutions  from  Sprint  uses  a  flexible  IP  core  for  your  company’s  voice,  video  and  data 
communications.  With  technology  like  Wireless  Integration,  your  mobile  has  all  the  functions 
of  your  desk  phone.  So  you  and  your  workforce  can  adapt  to  just  about  every  situation  you  find 
yourself  in.  Get  it  on  the  Now  Network .™ 

Certified  by 
Cisco  for  Quality 
of  Service 


©2009  Sprint.  Sprint  and  the  logo  are  trademarks  of  Sprint.  Other  marks  are  the  property  of  their  respective  owners. 


sprint.com/convergence 


When  it  comes  to  IT,  your  universe  is  always  expanding.  Needs  increase, 
resources  are  stretched  and  options  can  be  limited.  But  now,  you  can  rethink 
how  you  control  and  optimize  your  physical  and  virtual  servers  by  integrating 
them  with  one  powerful  software  solution.  Insight  Dynamics  — VSE.  Now  you 
can  increase  flexibility,  improve  cost  and  energy  efficiency,  and  simplify 
daily  operations. 

Supporting  this  technology  is  HP's  commitment  to  service  and  dependability  — 
a  point  of  difference  that  led  IDC  to  name  HP  the  #1  vendor  for  virtualization  * 


Technology  for  better  business  outcomes. 


HP  ProLiant  DL  Servers  HP  BladeSystem  c  Class 


AMD 

Opteron 


Quad-Core  AMD  Opteron™  Processor, 
with  AMD  Virtualization™  technology 

Ideal  for  general-purpose  solutions  and 
high-performance  computing 

Affordable,  modular  rack  systems  to 
give  your  IT  department  the  flexibility 
to  expand  with  your  business 


•  Quad-Core  AMD  Opteron™  Processor, 
with  AMD  Virtualization™  technology 

•  Infrastructure-in-a-box  saves  you  time, 
power  and  money  by  reducing  repetitive 
parts  and  redundant  operations 

•  Add,  replace  and  recover  resources  on 
the  fly  without  rewiring 


98m  I 


To  learn  more,  call  1-888-277-5467  or  visit  hp.com/servers/virtuall2 


AMD,  the  AMD  arrow  logo,  AMD  Opteron  and  combinations  thereof,  ore  trademarks  of  Advanced  Micro  Devices,  Inc. 

©  2009  Hewlett-Packard  Development  Company,  L.P.  The  information  contained  herein  is  subject  to  change  without  notice. 
*Source:  IDC  Quarterly  Server  Virtualization  Tracker,  October  2008. 


